Question 1

Benchmarking can help to determine ____ controls should be considered,but it cannot determine ____ those controls should be implemented in your organization.

Accepted Answer

A)  which; when 
B)  if; when 
C)  what; why 
D)  which; how 
A)  which; when 
B)  if; when 
C)  what; why 
D)  which; how D

Question 2

In information security,two categories of benchmarks are used: standards of due care and due diligence and ____ practices.

Accepted Answer

A)  security 
B)  recommended 
C)  measures 
D)  metrics 
A)  security 
B)  recommended 
C)  measures 
D)  metrics B

Question 3

A ____ is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared.".

Accepted Answer

A)  benchmark 
B)  best practice 
C)  baseline 
D)  standard of due care 
A)  benchmark 
B)  best practice 
C)  baseline 
D)  standard of due care C

Question 4

Maintaining an acceptable level of secure controls over time indicates that an organization has met the standard of ____.

Accepted Answer

A)  prudent man defense 
B)  due diligence 
C)  best practice 
D)  due care 
A)  prudent man defense 
B)  due diligence 
C)  best practice 
D)  due care

Question 5

Once developed,information security performance measures must be implemented and integrated into ____ information security management operations.

Accepted Answer

A)  cost-effective 
B)  ongoing 
C)  efficient 
D)  regulated 
A)  cost-effective 
B)  ongoing 
C)  efficient 
D)  regulated

Question 6

The first phase in the NIST performance measures methodology is to collect data and analyze results; collect,aggregate,and consolidate metric data collection and compare measurements with targets.

Accepted Answer

A) True 
 B)False

Question 7

Which of the following is the last phase in the NIST process for performance measures implementation?

Accepted Answer

A)  Apply corrective actions 
B)  Obtain resources 
C)  Repeat the process 
D)  Obtain management support 
A)  Apply corrective actions 
B)  Obtain resources 
C)  Repeat the process 
D)  Obtain management support

Question 8

Information security ____ is the process of designing,implementing,and managing the use of the collected data elements called measures to determine the effectiveness of the overall security program.

Accepted Answer

A)  performance management 
B)  baselining 
C)  best practices 
D)  standards of due care/diligence 
A)  performance management 
B)  baselining 
C)  best practices 
D)  standards of due care/diligence

Question 9

Problems with benchmarking include all but which of the following?

Accepted Answer

A)  Organizations don't share information on successful attacks 
B)  Organizations being benchmarked are seldom identical 
C)  Recommended practices change and evolve, thus past performance is no indicator of future success 
D)  Baseline data provides little value to evaluating progress in improving security 
A)  Organizations don't share information on successful attacks 
B)  Organizations being benchmarked are seldom identical 
C)  Recommended practices change and evolve, thus past performance is no indicator of future success 
D)  Baseline data provides little value to evaluating progress in improving security

Question 10

The second step in the NIST SP 800-37 model for security certification and accreditation is to select the appropriate minimum security ____________________ for the system.

Accepted Answer

The answer of The second step in the NIST SP...

Question 11

One of the three goals of System Certification and Accreditation as defined by NIST is to: define essential maximum security controls for federal IT systems.

Accepted Answer

A) True 
 B)False

Question 12

In the NIST performance measures implementation process,the comparison of observed measurements with target values is known as a ____ analysis.

Accepted Answer

A)  shortfall 
B)  gap 
C)  corrective 
D)  failure 
A)  shortfall 
B)  gap 
C)  corrective 
D)  failure

Question 13

In reporting InfoSec performance measures,the CISO must also consider ____.

Accepted Answer

A)  to whom the results should be disseminated 
B)  how they should be delivered 
C)  Both of these 
D)  Neither of these 
A)  to whom the results should be disseminated 
B)  how they should be delivered 
C)  Both of these 
D)  Neither of these

Question 14

Security Certification & Accreditation initiative offers several benefits.Which of the following is NOT one of them?

Accepted Answer

A)  More consistent, comparable, and repeatable certifications of InfoSec programs 
B)  More complete, reliable information for authorizing officials 
C)  Greater availability of competent security evaluation and assessment services 
D)  More secure IT systems within the federal government 
A)  More consistent, comparable, and repeatable certifications of InfoSec programs 
B)  More complete, reliable information for authorizing officials 
C)  Greater availability of competent security evaluation and assessment services 
D)  More secure IT systems within the federal government

Question 15

When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program,it is using InfoSec best practices.

Accepted Answer

A) True 
 B)False

Question 16

Designing the performance measures collection process requires thoughtful consideration of the ____ of the metric along with a thorough knowledge of how production services are delivered.

Accepted Answer

A)  cost 
B)  location 
C)  intent 
D)  owner 
A)  cost 
B)  location 
C)  intent 
D)  owner

Question 17

One of the priorities in building an information security measures program is determining whether these measures will be macro-focus or micro-focus.____ measures examine the performance of the overall security program.

Accepted Answer

A)  Micro-focused 
B)  Macro-focused 
C)  Both of these 
D)  Neither of these 
A)  Micro-focused 
B)  Macro-focused 
C)  Both of these 
D)  Neither of these

Question 18

Security efforts that seek to provide a superior level of performance in the protection of information are called ____.

Accepted Answer

A)  recommended business practices 
B)  best practices 
C)  best security practices 
D)  All of these are correct 
A)  recommended business practices 
B)  best practices 
C)  best security practices 
D)  All of these are correct

Question 19

One of the critical tasks in the measurement process is to assess and quantify what will be secured._________________________

Accepted Answer

A) True 
 B)False

Question 20

In information security,two categories of benchmarks are used: standards of due care and due diligence and recommended practices._________________________

Accepted Answer

A) True 
 B)False

Benchmarking can help to determine controls should be considered,but it cannot determine those controls should be implemented in your organization.

In information security,two categories of benchmarks are used: standards of due care and due diligence and ____ practices.

A ____ is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared.".

Maintaining an acceptable level of secure controls over time indicates that an organization has met the standard of ____.

Once developed,information security performance measures must be implemented and integrated into ____ information security management operations.

The first phase in the NIST performance measures methodology is to collect data and analyze results; collect,aggregate,and consolidate metric data collection and compare measurements with targets.

Which of the following is the last phase in the NIST process for performance measures implementation?

Information security ____ is the process of designing,implementing,and managing the use of the collected data elements called measures to determine the effectiveness of the overall security program.

Problems with benchmarking include all but which of the following?

The second step in the NIST SP 800-37 model for security certification and accreditation is to select the appropriate minimum security ____________________ for the system.

One of the three goals of System Certification and Accreditation as defined by NIST is to: define essential maximum security controls for federal IT systems.

In the NIST performance measures implementation process,the comparison of observed measurements with target values is known as a ____ analysis.

In reporting InfoSec performance measures,the CISO must also consider ____.

Security Certification & Accreditation initiative offers several benefits.Which of the following is NOT one of them?

When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program,it is using InfoSec best practices.

Designing the performance measures collection process requires thoughtful consideration of the ____ of the metric along with a thorough knowledge of how production services are delivered.

One of the priorities in building an information security measures program is determining whether these measures will be macro-focus or micro-focus.____ measures examine the performance of the overall security program.

Security efforts that seek to provide a superior level of performance in the protection of information are called ____.

One of the critical tasks in the measurement process is to assess and quantify what will be secured._________________________

In information security,two categories of benchmarks are used: standards of due care and due diligence and recommended practices._________________________

Introduction to the Management of Information Security

Planning for Security

Planning for Contingencies

Information Security Policy

Developing the Security Program

Security Management Models

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Protection Mechanisms

Personnel and Security

Law and Ethics

Filters

Exam 7: Security Management Practices

Benchmarking can help to determine ____ controls should be considered,but it cannot determine ____ those controls should be implemented in your organization.

In information security,two categories of benchmarks are used: standards of due care and due diligence and ____ practices.

A ____ is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared.".

Maintaining an acceptable level of secure controls over time indicates that an organization has met the standard of ____.

Once developed,information security performance measures must be implemented and integrated into ____ information security management operations.

The first phase in the NIST performance measures methodology is to collect data and analyze results; collect,aggregate,and consolidate metric data collection and compare measurements with targets.

Which of the following is the last phase in the NIST process for performance measures implementation?

Information security ____ is the process of designing,implementing,and managing the use of the collected data elements called measures to determine the effectiveness of the overall security program.

Problems with benchmarking include all but which of the following?

The second step in the NIST SP 800-37 model for security certification and accreditation is to select the appropriate minimum security ____________________ for the system.

One of the three goals of System Certification and Accreditation as defined by NIST is to: define essential maximum security controls for federal IT systems.

In the NIST performance measures implementation process,the comparison of observed measurements with target values is known as a ____ analysis.

In reporting InfoSec performance measures,the CISO must also consider ____.

Security Certification & Accreditation initiative offers several benefits.Which of the following is NOT one of them?

When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program,it is using InfoSec best practices.

Designing the performance measures collection process requires thoughtful consideration of the ____ of the metric along with a thorough knowledge of how production services are delivered.

One of the priorities in building an information security measures program is determining whether these measures will be macro-focus or micro-focus.____ measures examine the performance of the overall security program.

Security efforts that seek to provide a superior level of performance in the protection of information are called ____.

One of the critical tasks in the measurement process is to assess and quantify what will be secured._________________________

In information security,two categories of benchmarks are used: standards of due care and due diligence and recommended practices._________________________

Introduction to the Management of Information Security

Planning for Security

Planning for Contingencies

Information Security Policy

Developing the Security Program

Security Management Models

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Protection Mechanisms

Personnel and Security

Law and Ethics

Filters

Benchmarking can help to determine controls should be considered,but it cannot determine those controls should be implemented in your organization.