If your organization operates under a model of "assumption of breach", you should:
A. Protect all information resource assets equally
B. Establish active firewall monitoring protocols
C. Purchase insurance for your compliance liability
D. Focus your security efforts on high value assets
Answer: C
Which of the following provides an audit framework?
A. Control Objectives for IT (COBIT)
B. Payment Card Industry-Data Security Standard (PCI-DSS)
C. International Organization Standard (ISO) 27002
D. National Institute of Standards and Technology (NIST) SP 800-30
Answer: A
Developing effective security controls is a balance between:
A. Risk Management and Operations
B. Corporate Culture and Job Expectations
C. Operations and Regulations
D. Technology and Vendor Management
Answer: A
Risk is defined as:
A. Threat times vulnerability divided by control
B. Advisory plus capability plus vulnerability
C. Asset loss times likelihood of event
D. Quantitative plus qualitative impact
Answer: A
A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?
A. Providing a risk program governance structure
B. Ensuring developers include risk control comments in code
C. Creating risk assessment templates based on specific threats
D. Allowing for...
Which of the following is a benefit of information security governance?
A. Questioning the trust in vendor relationships.
B. Increasing the risk of decisions based on incomplete management information.
C. Direct involvement of senior management in developing control processes
D. Reduction of the potential for civil and legal liability
Answer:...
Why is it vitally important that senior management endorse a security policy?
A. So that they will accept ownership for security within the organization.
B. So that employees will follow the policy directives.
C. So that external bodies will recognize the organization's commitment to security.
D. So that they can...
Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:
A. Risk management
B. Security management
C. Mitigation management
D. Compliance management
Answer: D
Which of the following is MOST important when dealing with an Information Security Steering committee:
A. Include a mix of members from different departments and staff levels.
B. Ensure that security policies and procedures have been vetted and approved.
C. Review all past audit and compliance reports.
D. Be briefed...
Which of the following is the MOST important benefit of an effective security governance process?
A. Reduction of liability and overall risk to the organization
B. Better vendor management
C. Reduction of security breaches
D. Senior management participation in the incident response process
Answer: A