Voxygen ISO Quiz 2016

The correct answer is The CIO, Anna Pitt-Stanley. This is because as the Chief Information Officer, Anna Pitt-Stanley is responsible for overseeing the organization's information security and handling security incidents. Reporting security events to her ensures that the incident is escalated to the appropriate level and necessary actions can be taken to mitigate the risk.

If a Voxygen gmail user receives suspicious emails, it is important to inform the Chief Information Officer (CIO). The CIO is responsible for the organization's information security and can take necessary actions to investigate and address the issue. Ignoring the email may lead to potential security risks, and replying or unsubscribing may further engage with the sender and potentially escalate the situation. Deleting the email without informing the CIO may also prevent the organization from taking necessary precautions to protect its systems and data.

In the event of a disaster that renders the office building unusable for working, Voxygen personnel would be expected to work from home. This is a practical solution as it allows employees to continue their work remotely without the need for a physical office space. It ensures business continuity and minimizes disruption to the workflow. Resigning and finding work elsewhere or going on holiday would not be appropriate responses in such a situation. Renting their own office space might be a possibility, but working from home is a more cost-effective and convenient option.

The correct answer is "Within a timeframe commensurate with the importance of the issue raised" because it suggests that the resolution of the tickets should be prioritized based on the importance of the issue. The second part of the answer, "In the fastest time possible where there is a serious breach of security," is also correct as it highlights the need for immediate resolution in case of a serious security breach.

The correct order of phases in incident response to a breach or suspected breach of security is as follows: Detection/Alert (D) - Triage (B) - Response (E) - Recovery (A) - Follow-up (C). First, the incident needs to be detected and an alert needs to be generated. Then, the incident is triaged to determine its severity and impact. Next, a response plan is implemented to mitigate the incident and prevent further damage. Once the incident is under control, the recovery process begins to restore systems and data to their normal state. Finally, a follow-up is conducted to analyze the incident, identify any lessons learned, and implement any necessary improvements to prevent future incidents.

The correct answer is "The CIO approves it". This suggests that third party suppliers may have access to Voxygen's information systems only if the CIO (Chief Information Officer) approves it. This implies that there is a process in place where the CIO evaluates and grants permission for third party suppliers to access the information systems.

In the event of a fire at 201 City Road, personnel should go to the meeting place on the corner of City Road and Westland Place, outside the Westland Coffee House. This is the correct answer because it specifies the exact location where personnel should gather after evacuating the building. The other options, such as The Eagles pub on Shepherdess Walk, outside the Bavarian Pub across the road from 201 City Road offices, and outside the Shepherdess Café on the corner of City Road and Shepherdess Walk, are not mentioned as the designated meeting place in the question.

The Voxygen email can be used to sign up for tutorials on software development. This suggests that Voxygen offers email services that allow users to register for software development tutorials.

The correct answer is "Voxygen Information Security Events". This is because the question is asking for the project in JIRA that records all security events, including issues relating to non-conformities and compliance. "Voxygen Information Security Events" is the most appropriate and specific option that aligns with the requirements of the question.

The Anti-Bribery Act 2010 prohibits all forms of bribery, including accepting money in exchange for retaining business, paying money to someone in exchange for retaining business, asking a friend to accept money on your behalf in exchange for retaining business, and accepting money to pass on information. Therefore, the correct answer is "None of the above."

The objective of the Information Security Policy is not to reduce the cost of securing our information. The policy aims to keep information authentic, ensure safeguards to reduce risk are implemented, and meet all legal, regulatory, and contractual requirements. However, reducing the cost of securing information is not mentioned as one of the objectives.

When working for Voxygen on mobile computing equipment in a public area, personnel must ensure that the equipment is not left unattended to prevent unauthorized access or theft. They must also ensure that data cannot be read by a stranger by implementing encryption or other security measures. The equipment should be password protected to prevent unauthorized access. Additionally, the wifi network should be secure to protect against unauthorized access and data breaches. Ensuring there is sufficient bandwidth on the internet connection is not directly related to meeting security standards and therefore is not a requirement in this context.

The correct answer is "None of the above" because the question states that unlicensed software can be downloaded, but none of the given options provide the correct permission to download unlicensed software.

The correct answer options are related to different aspects of a security breach or event. "An unauthorised probe within the network detected or a viral infection prevented" refers to unauthorized attempts to access the network or the detection and prevention of malware infections. "Sensitive or confidential information incorrectly shared" refers to the unauthorized disclosure or sharing of sensitive or confidential data. Both of these options represent different types of security breaches or events that can compromise the security and integrity of a system or network.

Sending a diagram of the network with "Restricted" in the heading to a prospective client without a non-disclosure agreement (NDA) in place would be considered a security breach because it exposes sensitive information to unauthorized individuals. Leaving a password-protected and hard drive encrypted laptop unattended in a public area is also a security breach as it puts the encrypted data at risk of being accessed by unauthorized individuals. Additionally, an ex-employee copying software from a server using a password known by all members of a specific team is a security breach as it compromises the confidentiality and integrity of the software.

The information assets mentioned in the answer include the Voxygen network infrastructure, Voxygen's data, Telefonica's data used by Voxygen, Voxygen's software programs, emails in Voxygen's system, and client relationships. These assets are all part of the information that is owned or used by Voxygen.

The correct answer is The CIO. The Chief Information Officer (CIO) is responsible for managing the company's information technology and data security. As such, they would likely have access to and be able to provide Non-disclosure Agreements (NDAs) for contractors. The Employee Handbook may contain information on company policies and procedures, but it may not specifically provide NDAs for contractors. Members of the INCO team may have knowledge of the company's internal controls, but it is not clear if they would have the authority to provide NDAs. Dean Elwood, CEO, may have overall authority in the company, but it is not specified if they would handle NDAs directly. The company's solicitor firm may be able to provide legal advice and assistance, including NDAs, but it is not stated as a direct source in the question.

The correct answer is "Be a global brand" and "Have an excellent reputation for after sales support." These criteria are important for equipment manufacturers as being a global brand ensures that they have a wide reach and presence in multiple markets. This can indicate their expertise and experience in the industry. Additionally, having an excellent reputation for after sales support is crucial as it ensures that the manufacturer will provide necessary assistance and support to customers after the sale is made, leading to customer satisfaction and loyalty.

The asset of Voxygen may be removed off site if all security measures noted in the Voxygen Information Security policies are adhered to. Additionally, the asset should not be left unattended in a bar.

The question asks for the ways in which permission to download software required by high-level executives can be provided. The correct answer options are "As a request via Skype or email" and "In JIRA as a ticket within the VISE project." These options suggest that the permission can be obtained through formal channels such as submitting a request through Skype or email, or through the project management system JIRA within the specific project that requires the authorization.