Quiz 91 

 

 

CPE Quiz # 91

Based on Information Systems Control Journal Volume 4, 2003

A passing score of 75 percent qualifies for one (1) hour of CISA/CISM/CGEIT Continuing Professional Education (CPE) Credit


Hardy Article

1. The author recommends that an IT strategy committee contain a majority of members who are IT professionals, so the committee can maximize effectiveness.
2. According to the IT Governance Institute, effective IT governance consists of four main dimensions: strategic alignment, value delivery, IT resource management and performance management.

Bunker Article

3. Approximately 300 new network vulnerabilities arise every year, according to the CERT Coordination Center at Carnegie Mellon University.
4. Ongoing assessments are a key part of a vulnerability management plan, and they provide three major benefits: highlight issues that need addressing, instruct how to repair vulnerabilities, and supply information that will be used to provide metrics that will measure the effectiveness of the processes.
5. Pulling vulnerability research into the centralized research team and pushing filtered vulnerability research to appropriate recipients are key elements of optimized research integration.
6. Progress tracking is a key benefit of implementing vulnerability management as an opened-loop system, since definable metrics can then be easily shared with executives and the board.

Humphries Article

7. Examples of EFT risks that reside at the workstation include insufficient logical security, permitting inbound modem communications to the EFT workstation, and failure to encrypt the EFT file transmitted from the workstation.
8. System logging, reconciliation, physical security and network operating system security are all controls that can be integrated into an EFT processing environment.

Wallhoff Article

9. Three main performance measures of a biometrics system include false-rejection rate, false-acceptance rate and cross-error rate.
10. Biometrics information life cycle controls include security policy, physical and environmental security, and event journaling.

Njemanze Article

11. False positives are often exceedingly frequent for an intrusion detection system (IDS), which consumes bandwidth and can hide truly threatening attacks.
12. Intrusion prevention systems are improvements on IDSs in that they use risk correlation and threat assessment to take automated actions as a result of reaching certain threat levels.

Driml Article

13. An effective, centralized network awareness center should inform all operation centers within two hours of all potential security breaches, so swift action can be taken.
14. Because of the need for interoperability and cross-training, it is important that individual network operation centers use the same hardware, software and protocols.

Parmar Article

15. The payback appraisal technique for investment analysis is simpler than discounted cash flow techniques such as net present value or internal rate of return analysis.
16. The author advocates multiplying probability estimates with relevant cash outflows for security losses to assess the true cost of security risks.
