情報セキュリティマネジメント 過去問題集 〜IPの勉強支援〜

Information security management exam past questions

This application is a collection of past questions of the information security management exam.

Equipped with past questions for the past three years.

There are no ads, so you can concentrate on your studies.

Since it can be used offline, you can study information security management anywhere.

【problem】

You can study past questions by age.

Each year is divided into 10 questions, so you can learn in order.

You can also randomly set 10 questions each from one year.

【review】

You can check the history of the questions you have taken and review the questions you got wrong.

[Reference]

Information Security Management Exam Fall 2019

Information Security Management Exam Spring 2019

Information Security Management Exam Fall 2018

[Overview of the information security management exam qualification system (excerpt from the official website)]

This exam certifies the basic skills to contribute to ensuring the information security of the organization through planning, operation, evaluation and improvement of information security management and to continuously protect the organization from threats.

1. Target person image

As an information security leader in departments using information systems, appropriately implement the purpose and content of information security measures necessary for the execution of the department's business and information security rules established by the organization (regulations within the organization, including the information security policy). A person who realizes, maintains, and improves information security in order to use information and information systems safely.

2. Duties and Roles

In order to realize, maintain and improve the situation where information security is ensured in the information system user department, the following duties and roles will be performed.

(1) Carry out necessary work to maintain the information security of information assets in the department.

(2) Identify the information assets of the department, conduct an information security risk assessment, and formulate risk countermeasures.

(3) Clarify the requirements for information security measures and information security continuation regarding the information assets of the department.

(4) Clarify the information security requirements necessary for the user department when procuring the information system associated with the promotion of IT utilization in the business of the department. In addition, we will present the necessary information security requirements in the activities where the user departments themselves realize a part of the promotion of IT utilization.

(5) When outsourcing work, clarify the requirements for information security measures in the contract and check the implementation status.

(6) Ensure information security when using departmental information systems.

(7) Improve the information security awareness and compliance of department members, and prevent the occurrence of information security incidents such as internal improprieties.

(8) When an information security incident occurs or is likely to occur, we will respond appropriately based on information security rules, laws, guidelines, standards, etc.

(9) Raise opinions and problems regarding information security in the department or the entire organization to the department in charge.

3. Expected technical level

The following knowledge and practical skills are required in order to realize, maintain, and improve the situation in which information security is ensured in the departments using information systems.

(1) Able to independently carry out a part of information security management for the department.

(2) Be able to respond appropriately as an information security leader when an information security incident occurs or is likely to occur.

(3) To be able to understand basic terms and contents related to IT in general.

(4) Have basic knowledge of information security technology and information security regulations, and be able to implement part of the information security measures of the department on their own or under the guidance of superiors.

(5) Collect trends and examples from information security organizations and other companies, and evaluate the necessity of applying them to the environment of the department.