Question 1

A giant network connecting virtually any device at home or work to the internet, resulting in a 'relationship between people-people, people-things, and things-things' is called:&#10;A) e-HRM&#10;B) cyber security&#10;C) Internet of Things (IoT)&#10;D) cloud computing

Accepted Answer

The Internet of Things (IoT) is a network of connected devices, objects and machines that can communicate and exchange data over the internet. It allows for a relationship between people and things, and things with each other, and is changing the way we live, work and interact with technology. A, B, and D are not correct as they refer to different concepts. e-HRM is the use of web-based technologies to manage HR functions, cyber security refers to the protection of computer systems from theft or damage to their hardware, software or electronic data, and cloud computing refers to the practice of using a network of remote servers to store, manage, and process data.

Question 2

__________ have evolved from worms and viruses to more advanced and organized attacks with the emergence of deception technologies.&#10;A) Cyber security&#10;B) Cyberattacks&#10;C) Cloud computing&#10;D) User credentials

Accepted Answer

The sentence specifically refers to the evolution of cyberattacks, not cyber security, cloud computing, or user credentials. The use of deception technologies suggests that cyberattacks have become more sophisticated and strategic.

Question 3

______________ is the &#34;management framework to initiate, implement and control information security within the organization&#34;.&#10;A) Information Security Management System (ISMS)&#10;B) Plan-Do-Check-Act (PDCA) Cycle&#10;C) Internet of Things (IoT)&#10;D) Distributed Denial of Service Attacks (DDoS)

Accepted Answer

Information Security Management System (ISMS) is a framework that ensures the implementation, maintenance, and continuous improvement of information security measures in an organization. It involves a systematic approach to managing sensitive company information to protect it from unauthorized access, use, disclosure, or destruction. The PDCA cycle is a quality management approach used to achieve continuous improvement in processes and products, while IoT is a network of interconnected devices that share and analyze data. DDoS attacks are malicious attempts to disrupt normal traffic of a targeted server, service or network, by overwhelming the target with a flood of Internet traffic.

Question 4

The __________________ is considered the best-known standard in providing requirements for an information security management system (ISMS).&#10;A) ISO/IEC 27000 family&#10;B) COBIT&#10;C) NIST&#10;D) ISO/IEC 27001

Accepted Answer

ISO/IEC 27001 is the standard that provides requirements for an information security management system (ISMS) and is considered the best-known standard for this purpose. The ISO/IEC 27000 family of standards includes other supporting standards for information security management. COBIT and NIST provide frameworks and guidelines for IT governance and security, but they do not specifically provide requirements for an ISMS.

Question 5

ISO defines _________ as &#34;a systematic approach to managing sensitive company information so that it remains secure.&#10;A) ISMS&#10;B) COBIT&#10;C) NIST&#10;D) ISO/IEC 27001

Accepted Answer

ISO (International Organization for Standardization) defines ISMS (Information Security Management System) as "a systematic approach to managing sensitive company information so that it remains secure". COBIT (Control Objectives for Information and Related Technology), NIST (National Institute of Standards and Technology), and ISO/IEC 27001 are related to information security but do not have the exact same definition as ISMS.

Question 6

______________ starts with asset identification which involves identifying all the information repositaries that need to be protected for running the business.&#10;A) Management assessment&#10;B) Risk assessment&#10;C) Performance assessment&#10;D) Electronic assessment

Accepted Answer

Asset identification is a part of the risk assessment process, as it involves identifying assets that need to be protected from potential risks. Management assessment, performance assessment, and electronic assessment are not relevant in this context.

Question 7

__________ are the external agents which could act to malicious effects.&#10;A) Vulnerabilities&#10;B) Controls&#10;C) Threats&#10;D) Risks

Accepted Answer

Threats are external agents or factors that have the potential to cause harm or damage to an organization's assets, operations, or reputation. They can be deliberate, such as cyber attacks or physical breaches, or unintentional, such as natural disasters or human errors. Vulnerabilities are weaknesses or flaws in an organization's systems or processes, and risks are the potential consequences that could arise from the exploitation of those vulnerabilities by threats. Controls are measures put in place to mitigate the risks posed by threats and vulnerabilities.

Question 8

_________ are the internal weakness in the system, such as unpatched system.&#10;A) Vulnerabilities&#10;B) Controls&#10;C) Threats&#10;D) Risks

Accepted Answer

Vulnerabilities are internal weaknesses that can be exploited by threats to cause harm or damage. These weaknesses include unpatched systems, outdated software, weak passwords, and lack of security measures. Controls are measures put in place to mitigate or prevent risks and threats, while risks are the potential negative outcomes of a vulnerability being exploited. Therefore, the best choice is A, vulnerabilities.

Question 9

Individual's expectation that one will use their personal data as intended and protect it from disclosure to unauthorized parties defines:&#10;A) cyber security&#10;B) user credentials&#10;C) SOX&#10;D) data privacy

Accepted Answer

The definition given in the question best aligns with the concept of data privacy, which refers to an individual's right to control their personal data and limit its access to authorized parties. Cyber security pertains to protecting devices and systems from unauthorized access or attacks, user credentials are login credentials used for accessing a system or service, and SOX (Sarbanes-Oxley Act) is a U.S. law that sets standards for financial reporting and corporate governance.

Question 10

In order to protect the Personal Identity Information (PII), organizations implement ______________.&#10;A) sensitive personal data&#10;B) privacy framework&#10;C) data protection laws&#10;D) consumer protection laws

Accepted Answer

A privacy framework is implemented by organizations to protect Personal Identity Information (PII) by establishing policies and procedures for handling and securing such data.

Question 11

Why is information security and privacy critically important to businesses?

Accepted Answer

The answer of Why is information security and privacy critically...

Question 12

What is Information Security Management System?

Accepted Answer

The answer of What is Information Security Management System?...

Question 13

Explain the critical role of HR in protecting information security and privacy?

Accepted Answer

The answer of Explain the critical role of HR in...

Question 14

List and discuss three of the common privacy principles included in the chapter.

Accepted Answer

The answer of List and discuss three of the common...

Deck 15: Information Security Privacy in E-HRM