Q: What are the types of audits?
A: internal audits, external audits
Q: What are the five activity groups of the Security Mgmt framework?
A: Control, Plan, Implement, Evaluate, Maintain
Q: What do the underpinning security policies form?
A: the Information Security Policy.
Q: True/false: Information Security Policy must be communicated to everyone in the organization
Q: What is the purpose of Supply Mgmt?
A: to manage the relationship between the IT provider and the suppliers through the underpinning contracts and to ensure they meet the agreed service level targets; negotiating, renewing and terminating contracts with partners, building a Supplier Contacts Database.
Q: With which process does Supply Mgmt work?
A: with Service Level Mgmt.
Q: Define SCD
A: Supplier and Contract Database: set of data and information about the suppliers, their contracts and their performance.
Q: What are the activities of Supply Mgmt?
A: Supply policy, Evaluate new suppliers, Establish new supplier contracts, manage supplier contract and performance, renew or terminate supplier contract, categorize supplier and maintain SCD.
Q: Categories of suppliers?
A: commodity supplier, operational supplier, tactical supplier, strategic supplier.
Q: What’s the purpose of supplier categorization?
A: to distinguish the suppliers that have the highest impact and risk on the organization.
Q: IT Service Continuity plan
A: defines the trigger point of a Continuity procedure, the people involved, the communication required,…
Q: What is the purpose of BIA?
A: analyses the risk around VBFs and determines their continuity requirements in terms of RPO and RTO.
Q: Define RPO
A: Recovery Point Objective: The amount of data that will be lost after a disaster. It’s documented between the IT provider and the supplier.
Q: Define RTO
A: The amount of time needed to restore data after a disaster.