
All times are UTC + 8 hours


Post title: Foreigners' way of thinking is sometimes hard to adapt to
Posted: 2009-11-24 15:40
1. Which of the following is the MOST important IS audit consideration
when an organization outsources a customer credit review system to a
third-party service provider? The provider:
A. meets or exceeds industry security standards.
B. agrees to be subject to external security reviews.
C. has a good market reputation for service and experience.
D. complies with security policies of the organization.

NOTE: It is critical that an independent security review of an outsourcing
vendor be obtained because customer credit information will be kept there.
Compliance with security standards or organization policies is important,
but there is no way to verify or prove that that is the case without an
independent review. Though long experience in business and good reputation
is an important factor to assess service quality, the business cannot
outsource to a provider whose security control is weak.

The means matter more than the result.

2. Which of the following represents the GREATEST risk created by a
reciprocal agreement for disaster recovery made between two companies?
A. Developments may result in hardware and software incompatibility.
B. Resources may not be available when needed.
C. The recovery plan cannot be tested.
D. The security infrastructures in each company may be different.

NOTE: If one organization updates its hardware and software configuration,
it may mean that it is no longer compatible with the systems of the other
party in the agreement. This may mean that each company is unable to use
the facilities at the other company to recover their processing following
a disaster. Resources being unavailable when needed are an intrinsic risk
in any reciprocal agreement, but this is a contractual matter and is not
the greatest risk. The plan can be tested by paper-based walkthroughs, and
possibly by agreement between the companies. The difference in security
infrastructures, while a risk, is not insurmountable.

Yet another question where I got the question-setter's line of thinking wrong.

3. When reviewing an active project, an IS auditor observed that,
because of a reduction in anticipated benefits and increased costs, the
business case was no longer valid. The IS auditor should recommend that
the:
A. project be discontinued.
B. business case be updated and possible corrective actions be
identified.
C. project be returned to the project sponsor for reapproval.
D. project be completed and the business case be updated later.

NOTE: An IS auditor should not recommend discontinuing or completing the
project before reviewing an updated business case. The IS auditor should
recommend that the business case be kept current throughout the project
since it is a key input to decisions made throughout the life of any
project.

But the MANUAL clearly says it has to be reapproved!


 
Post title: Re: Foreigners' way of thinking is sometimes hard to adapt to
Posted: 2010-06-28 13:57
A different way of thinking.


 
Post title: Re: Foreigners' way of thinking is sometimes hard to adapt to
Posted: 2010-06-28 14:58
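Can people raised on beef and people raised on noodles really think alike...
The beef eater thinks: I want to eat lion meat too; I can take on any challenge.
The noodle eater thinks: when will I get a bite of meat? One bite of meat and I'd be content. The classic self-satisfied type, with no ambition.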


华安信达(CISPS.org) ©2003 - 2012