threat. External modems represent a security risk, but exploitation still
depends on the use of a valid user account. While the impact of users
installing software on their desktops can be high (for example, due to the
installation of Trojans or key-logging programs), the likelihood is not
high due to the level of technical knowledge required to successfully
penetrate the network. Although network monitoring can be a useful
detective control, it will only detect abuse of user accounts in special
circumstances and is, therefore, not a first line of defense.
556
、
Which of the following is the MOST important action in recovering
from a cyberattack?
A
、
Creation of an incident response team
B
、
Use of cyberforensic investigators
C
、
Execution of a business continuity plan
D
、
Filing an insurance claim
ANSWER:C
NOTE:The most important key step in recovering from cyberattacks is the
execution of a business continuity plan to quickly and cost-effectively
recover critical systems, processes and data. The incident response team
should exist prior to a cyberattack. When a cyberattack is suspected,
cyberforensics investigators should be used to set up alarms, catch
intruders within the network, and track and trace them over the Internet.
After taking the above steps, an organization may have a residual risk
that needs to be insured and claimed for traditional and electronic
exposures.
557
、
The MAJOR advantage of the risk assessment approach over the
baseline approach to information security management is that it ensures:
A
、
information assets are overprotected.
B
、
a basic level of protection is applied regardless of asset value.
C
、
appropriate levels of protection are applied to information assets.
D
、
an equal proportion of resources are devoted to protecting all
information assets.
ANSWER:C
NOTE:Full risk assessment determines the level of protection most
appropriate to a given level of risk, while the baseline approach merely
applies a standard set of protection regardless of risk. There is a cost
advantage in not overprotecting information. However, an even bigger
advantage is making sure that no information assets are over- or
underprotected. The risk assessment approach will ensure an appropriate