Hardy Article
Barbin and Patzakis Article
Hoskinson and Sleezer Article
Lee Article
Lux and Fitiani Article
CPE Quiz #84
Based on Information Systems Control Journal Volume 3, 2002
A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit
Hardy Article
1. Manpower costs account for over two-thirds of the IT budget in most organizations, so human resource competencies are important for IT governance.
2. The author recommends the use of technology metrics to measure the effectiveness of IT governance efforts. Examples of these metrics include: service levels, service definitions and security ROI.
3. The COBIT framework has seven key domains that need to be managed in an IT governance effort--planning, organization, acquisition, implementation, delivery, support and monitoring.
Barbin and Patzakis Article
4. Computer forensics is the collection, preservation, analysis and court presentation of computer-related evidence. Modern computer forensic programs are designed to recover computer evidence such as deleted files and file fragments that are not normally viewable to most users.
5. Computer forensic tools can be used for non-investigative purposes. The tools are helping forensics transition from an investigative and response mechanism to one of prevention, compliance, and assurance.
Hoskinson and Sleezer Article
6. Steganography is a technique of placing secret data within a larger file, such as a graphic file, so information can be transmitted within another file and go undetected by someone who intercepts the larger file.
7. The authors recommend making a bit-stream image copy of a disk drive when evaluating target media for forensic evidence. The bit-stream image copy should be used instead of working directly with the target drive.
Lee Article
8. Cybersecurity incidents tracked by Carnegie Mellon's Computer Emergency Response Team (CERT) have increased by more than 100 percent from 1999 to 2000 and again by more than 100 percent from 2000 to 2001.
9. More effective authentication technologies are lagging other security tools that create anonymity. The author believes that technology changes will eventually make anonymous cyberabuse even easier to attain.
10. Components of critical infrastructure, as defined by the US government, include IT and non-IT components. The following are all examples of critical infrastructure: banking and finance, transportation, information and communications, and oil and gas production and distribution.
11. The majority of US critical infrastructure is owned and operated privately, so establishing laws and regulations to secure it against cyberattacks is a relatively simple process to implement.
12. Key controls recommended to prevent and detect cyberattacks include: employee and contractor background checks, intrusion and virus protection, encryption, and attack and penetration testing.
Lux and Fitiani Article
13. Most hacks come from within an organization, so background checks are an important control for protecting the integrity of an organization's information assets.
14. Small businesses endure the same rate of loss from employee crime as larger companies.
15. The most common motive of criminal employees cited by the authors is revenge. Today's corporate downsizings can cause employees to become disgruntled, resulting in losses of data availability and integrity.
16. The authors recommend background screening to help improve the quality of a job applicant pool and to demonstrate commitment to employee safety and security.