An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:
Answer: B

A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
Answer: C

The PRIMARY objective of a security steering group is to:
Answer: B

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
Answer: D

At what stage of the applications development process should the security department initially become involved?
Answer: D

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
Answer: C

The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
Answer: B

When personal information is transmitted across networks, there MUST be adequate controls over:
Answer: B

An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:
Answer: A

Who in an organization has the responsibility for classifying information?
Answer: D

What is the PRIMARY role of the information security manager in the process of information classification within an organization?
Answer: A

Logging is an example of which type of defense against systems compromise?
Answer: B

Which of the following is MOST important in developing a security strategy?
Answer: B

Who is ultimately responsible for the organization's information?
Answer: C

Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
Answer: D

What is the primary purpose of information security governance?
Information security governance ensures that an organization has the correct information structure, leadership, and guidance. Governance helps ensure that a company has the proper administrative controls to mitigate risk. Risk analysis helps ensure that an organization properly identifies, analyzes, and mitigates risk.

What are the five goals of information security governance?
2.2 Security Governance Principles and Desired Outcomes.
Establish organizationwide information security. ...
Adopt a risk-based approach. ...
Set the direction of investment decisions. ...
Ensure conformance with internal and external requirements. ...
Foster a security-positive environment for all stakeholders.

What is information security governance, and who in the organization should plan for it?
Information security governance is defined as “a subset of enterprise governance that provides strategic direction, ensures that objectives are achieved, manages risk appropriately, uses organizational resources responsibly, and monitors the success or failure of the enterprise security program,” according to the ...

Which of the following would be the best indicator of effective information security governance within an organization?
Which of the following would BEST ensure the success of information security governance within an organization? The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program.