Question 1

One of the priorities in building an information security measures program is determining whether these measures will be macro-focus or micro-focus.

Accepted Answer

A) True 
 B)False

Question 2

During Phase 2 of the NIST performance measures development process,the organization will identify and document the information security performance ____ that would guide security control implementation for the information security program of a specific information system.

Accepted Answer

A)  stakeholders 
B)  users 
C)  goals and objectives 
D)  regulations 
A)  stakeholders 
B)  users 
C)  goals and objectives 
D)  regulations

Question 3

One of the most popular of the many references that support the development of process improvement and performance measures is The Capability Maturity Model Integrated (CMMI)designed specifically to integrate an organization's process improvement activities across disciplines._________________________

Accepted Answer

A) True 
 B)False

Question 4

One of the fundamental challenges in information security performance measurement is the definition of ____ security.

Accepted Answer

A)  effective 
B)  modern 
C)  information 
D)  efficient 
A)  effective 
B)  modern 
C)  information 
D)  efficient

Question 5

Performance measurement is an ongoing,continuous improvement operation._________________________

Accepted Answer

A) True 
 B)False

Question 6

Security efforts that seek to provide a(n)acceptable level of performance in the protection of information are called recommended business practices or just best practices._________________________

Accepted Answer

A) True 
 B)False

Question 7

It is seldom advisable to broadcast complex and nuanced metrics-based reports to large groups,unless ____.

Accepted Answer

A)  the group is well educated and capable of understanding such complex reports 
B)  the reports also contain addendums providing detailed analyses of the findings 
C)  the key points are well established and embedded in a more complete context such as a newsletter or press release 
D)  None of these 
A)  the group is well educated and capable of understanding such complex reports 
B)  the reports also contain addendums providing detailed analyses of the findings 
C)  the key points are well established and embedded in a more complete context such as a newsletter or press release 
D)  None of these

Question 8

Collecting project metrics may be even more challenging.Unless the organization is satisfied with a simple tally of who spent how many hours doing which tasks,it needs some mechanism to link the ____ of each project,in terms of loss control or risk reduction,to the resources consumed.

Accepted Answer

A)  metric 
B)  outcome 
C)  budget 
D)  users 
A)  metric 
B)  outcome 
C)  budget 
D)  users

Question 9

According to NIST SP 800-37,the first step in the security controls selection process is to ____.

Accepted Answer

A)  characterize the system 
B)  select the appropriate minimum security controls for the system 
C)  adjust security controls based on system exposure and risk decisions 
D)  None of these 
A)  characterize the system 
B)  select the appropriate minimum security controls for the system 
C)  adjust security controls based on system exposure and risk decisions 
D)  None of these

Question 10

Which of the following is NOT a question a CISO should be prepared to answer,about a performance measures program,according to Kovacich?

Accepted Answer

A)  Why should these statistics be collected? 
B)  How will these statistics be collected? 
C)  How much will the collection of statistics cost? 
D)  Who will collect these statistics? 
A)  Why should these statistics be collected? 
B)  How will these statistics be collected? 
C)  How much will the collection of statistics cost? 
D)  Who will collect these statistics?

Question 11

Information security performance management is the process of designing,implementing,and managing the use of the collected data elements called measures to determine the effectiveness of the overall security program.

Accepted Answer

A) True 
 B)False

Question 12

When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program,it is using InfoSec ____________________.

Accepted Answer

The answer of When an organization applies statistical and quantitative...

Question 13

The benefits of using information security performance measures include all but which of the following?

Accepted Answer

A)  Increasing efficiency for InfoSec performance 
B)  Improving effectiveness of InfoSec activities 
C)  Demonstrating compliance with laws, rules and regulations 
D)  Providing quantifiable inputs for resource allocation decisions 
A)  Increasing efficiency for InfoSec performance 
B)  Improving effectiveness of InfoSec activities 
C)  Demonstrating compliance with laws, rules and regulations 
D)  Providing quantifiable inputs for resource allocation decisions

Question 14

One of the most popular references for developing process improvement and performance measures is the ____ model from the Software Engineering Institute at Carnegie Mellon University.

Accepted Answer

A)  Creative Measures & Management Implementation 
B)  California Metropolitan Management International 
C)  InfoSec Process and Performance Measures 
D)  none of these 
A)  Creative Measures & Management Implementation 
B)  California Metropolitan Management International 
C)  InfoSec Process and Performance Measures 
D)  none of these

Question 15

A goal of 100 percent employee information security training in the training program would invalidate the continued collection of training measures._________________________

Accepted Answer

A) True 
 B)False

Question 16

Security efforts that seek to provide a superior level of performance in the protection of information are referred to as ____________________.

Accepted Answer

recommended business

Question 17

In the future,NIST plans to replace accreditation with ____ and certification with ____.

Accepted Answer

A)  certification; accreditation 
B)  approvals; assessments 
C)  assessments; critical elements 
D)  authorization; security control assessment 
A)  certification; accreditation 
B)  approvals; assessments 
C)  assessments; critical elements 
D)  authorization; security control assessment

Question 18

A(n)____________________ is an external "value or profile of a performance metric against which changes in the performance metric can be usefully compared."

Accepted Answer

The answer of A(n)____________________ is an external "value or profile...

Question 19

List the four factors critical to the success of an information security performance program,according to NIST SP 800-55.

Accepted Answer

Strong upper level management

Question 20

Strong upper level management support is critical to the success of an information security performance program._________________________

Accepted Answer

A) True 
 B)False

One of the priorities in building an information security measures program is determining whether these measures will be macro-focus or micro-focus.

During Phase 2 of the NIST performance measures development process,the organization will identify and document the information security performance ____ that would guide security control implementation for the information security program of a specific information system.

One of the fundamental challenges in information security performance measurement is the definition of ____ security.

Performance measurement is an ongoing,continuous improvement operation._________________________

Security efforts that seek to provide a(n)acceptable level of performance in the protection of information are called recommended business practices or just best practices._________________________

It is seldom advisable to broadcast complex and nuanced metrics-based reports to large groups,unless ____.

Collecting project metrics may be even more challenging.Unless the organization is satisfied with a simple tally of who spent how many hours doing which tasks,it needs some mechanism to link the ____ of each project,in terms of loss control or risk reduction,to the resources consumed.

According to NIST SP 800-37,the first step in the security controls selection process is to ____.

Which of the following is NOT a question a CISO should be prepared to answer,about a performance measures program,according to Kovacich?

Information security performance management is the process of designing,implementing,and managing the use of the collected data elements called measures to determine the effectiveness of the overall security program.

When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program,it is using InfoSec ____________________.

The benefits of using information security performance measures include all but which of the following?

One of the most popular references for developing process improvement and performance measures is the ____ model from the Software Engineering Institute at Carnegie Mellon University.

A goal of 100 percent employee information security training in the training program would invalidate the continued collection of training measures._________________________

Security efforts that seek to provide a superior level of performance in the protection of information are referred to as ____________________.

In the future,NIST plans to replace accreditation with and certification with .

A(n)____________________ is an external "value or profile of a performance metric against which changes in the performance metric can be usefully compared."

List the four factors critical to the success of an information security performance program,according to NIST SP 800-55.

Strong upper level management support is critical to the success of an information security performance program._________________________

Introduction to the Management of Information Security

Planning for Security

Planning for Contingencies

Information Security Policy

Developing the Security Program

Security Management Models

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Protection Mechanisms

Personnel and Security

Law and Ethics

Filters

Exam 7: Security Management Practices

One of the priorities in building an information security measures program is determining whether these measures will be macro-focus or micro-focus.

During Phase 2 of the NIST performance measures development process,the organization will identify and document the information security performance ____ that would guide security control implementation for the information security program of a specific information system.

One of the fundamental challenges in information security performance measurement is the definition of ____ security.

Performance measurement is an ongoing,continuous improvement operation._________________________

Security efforts that seek to provide a(n)acceptable level of performance in the protection of information are called recommended business practices or just best practices._________________________

It is seldom advisable to broadcast complex and nuanced metrics-based reports to large groups,unless ____.

Collecting project metrics may be even more challenging.Unless the organization is satisfied with a simple tally of who spent how many hours doing which tasks,it needs some mechanism to link the ____ of each project,in terms of loss control or risk reduction,to the resources consumed.

According to NIST SP 800-37,the first step in the security controls selection process is to ____.

Which of the following is NOT a question a CISO should be prepared to answer,about a performance measures program,according to Kovacich?

Information security performance management is the process of designing,implementing,and managing the use of the collected data elements called measures to determine the effectiveness of the overall security program.

When an organization applies statistical and quantitative forms of mathematical analysis to the data points collected to measure the activities and outcomes of the InfoSec program,it is using InfoSec ____________________.

The benefits of using information security performance measures include all but which of the following?

One of the most popular references for developing process improvement and performance measures is the ____ model from the Software Engineering Institute at Carnegie Mellon University.

A goal of 100 percent employee information security training in the training program would invalidate the continued collection of training measures._________________________

Security efforts that seek to provide a superior level of performance in the protection of information are referred to as ____________________.

In the future,NIST plans to replace accreditation with ____ and certification with ____.

A(n)____________________ is an external "value or profile of a performance metric against which changes in the performance metric can be usefully compared."

List the four factors critical to the success of an information security performance program,according to NIST SP 800-55.

Strong upper level management support is critical to the success of an information security performance program._________________________

Introduction to the Management of Information Security

Planning for Security

Planning for Contingencies

Information Security Policy

Developing the Security Program

Security Management Models

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Protection Mechanisms

Personnel and Security

Law and Ethics

Filters

In the future,NIST plans to replace accreditation with and certification with .