Govern
Complicate
Detect
Respond
Educate
100
These are high level statements of the overall intention or direction as formally expressed by Management. Compliance is mandatory.
What are Policies?
100
This is a weakness that may be exploited by a hacker.
What is a Vulnerability?
100
This is department is responsible for managing the SIEM.
What is Information Security Office?
100
This will ensure that incident response process is exercised outside the normal operational activity.
What is Incident Response Plan Testing?
100
This contains action plans, resource requirements, targeted audience, tools and techniques of awareness (e.g., posters, screensavers, warning banners), sources, websites of information security policy, and schedule of activities and frequency.
What is Information Security Awareness Program?
200
This details periodic activities to be conducted by Information Security Office to operationalize the information security strategy.
What is Information Security Program?
200
This domain is related to RA 10173.
What is Privacy?
200
This domain creates ability to anticipate breaches before they occur to respond quickly, decisively and effectively to confirmed breaches.
What is Threat Intelligence?
200
This is a centralized unit that handles incident response, security monitoring, and threat intelligence.
What is Security Operations Center?
200
True or False. Should information security trainings be identical across all departments?
False.
300
This will act as a liaison between information security organization and business units (e.g., operations, HR, legal).
What is Information Security Forum?
300
It is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules.
What is a Firewall?
300
This is a known information security-related group that shares threat intelligence regularly in the Philippines.
What is Information Security Officers' Group (ISOG)?
300
It is a service organization that is responsible for receiving, reviewing, and responding to computer security incident reports and activity.
What is a Computer security Incident Response Team (CSIRT)?
300
This document is the main source of content for the information security awareness training.
What is the Information Security Policy?
400
This contains the roles and responsibilities of various departments when it comes to information security.
What is Information Security Charter?
400
These are three states of data.
What are "Data in Use", "Data in Motion", and "Data at Rest"?
400
It provides real-time analysis of security alerts generated by network hardware and applications.
What is Security Information and Event Management (SIEM)?
400
These are some of the most important parameters of a BCP. These objectives guide the enterprises to choose an optimal backup plan.
What are Recovery Point Objective (RPO)and Recovery Time Objective (RTO)?
400
This is the recommended frequency of information security awareness trainings?
What is at least annually?
500
This is the best mechanism to align the business and IT objectives.
What is Information Security Risk Assessment?
500
These are the different approaches to implement strong authentication. Give at least two.
What are "something you know", "something you have", and "something you are"?
500
When developing a threat intelligence program, you can align it with what global standards? Give one example only.
What is Yara/STIX/TAXII/OpenIOC/CybOX?
500
These are the most important steps prior to performing Business Continuity Planning.
What are the Business Impact Analysis (BIA) and Risk Assessment (RA)?
500
This is best way to assess information security awareness in employees.
What is Social Engineering assessments?
M
e
n
u