Exam 7: Security Management Practices
Which of the following is NOT a question you should ask when considering best practices for your organization?
(Multiple Choice)
Organizations strive to deliver the most value with a given level of investment; this is called the value proposition.
(True/False)
In information security, two categories of benchmarks are used: 1) standards of due care and due diligence and 2) baselining.
(True/False)
The purpose of NIST SP 800-53 (R3), as part of the NIST System C&A Project, is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for ____.
(Multiple Choice)
In most cases, simply listing the measurements collected does not adequately convey their ____.
(Multiple Choice)
A problem with benchmarking is that recommended practices are a(n) ____________________; that is, knowing what happened a few years ago does not necessarily tell you what to do next.
(Short Answer)
Organizations that adopt minimum levels of security to establish a future legal defense may need to verify that they have done what any ____ organization would do in similar circumstances.
(Multiple Choice)
In security management, ____________________ is the authorization of an IT system to process, store, or transmit information.
(Short Answer)
Before beginning the process of designing, collecting, and using measures, the CISO should be prepared to answer the following questions posed by Kovacich. List four of these questions.
(Essay)
Organizations pursue accreditation or certification to ____.
(Multiple Choice)
To generate a security blueprint, organizations usually draw from established security models and practices.
(True/False)
In some organizations, the terms metrics and best practices are interchangeable. _________________________
(True/False)
Under the NIST SP 800-37 security controls model, systems are classified into a specific security certification level. Which of the following is the level of certification for high-priority systems?
(Multiple Choice)
Which of the following is a major activity in the information security measures development process, according to NIST?
(Multiple Choice)
The biggest barrier to benchmarking in information security is the fact that organizations do not talk to each other.
(True/False)
Accreditation is the authorization of an IT system to process, store, or transmit information.
(True/False)
The last phase in the NIST performance measures implementation process is to apply ____________________ actions; close the gap by implementing the recommended corrective actions in the security program or in the security controls.
(Short Answer)
The two categories of benchmarks that are used in information security are standards of due care/due diligence and ____________________.
(Short Answer)
According to NIST SP 800-55: Performance Measurement Guide for Information Security, in phase 4 of measures development, any existing measures and data repositories that can be used to derive measures data should be ____________________.
(Short Answer)
In selecting among recommended practices, an organization should seek to ensure that the target ____ is similar to their own.
(Multiple Choice)