Exam 7: Security Management Practices
When choosing from among recommended practices, an organization should consider a number of questions. List four.
(Essay)
Production-level statistics depend greatly on the number of ____.
(Multiple Choice)
Organizations that adopt minimum levels of security to establish a future legal defense may need to verify that they have done what any ____________________ organization would do in similar circumstances.
(Short Answer)
It is no longer sufficient to simply assert effective information security; an organization must demonstrate that it is taking effective measures in the spirit of ____________________.
(Short Answer)
NIST recommends the documentation of performance measures in a format to ensure ____ of measures development, tailoring, collection, and reporting activities.
(Multiple Choice)
Even with strong management support, an information security measures program must be able to demonstrate due care to the organization. _________________________
(True/False)
Organizations that adopt minimum levels of security to establish a future legal defense may need to verify that they have done what any prudent organization would do in similar circumstances; this is known as a standard of due care.
(True/False)
Organizations must consider all but which of the following during development and implementation of an information security measurement program?
(Multiple Choice)
Performance ____ make it possible to define success in the security program.
(Multiple Choice)
A best practice is a "value or profile of a performance metric against which changes in the performance metric can be usefully compared."
(True/False)
Measures are data points or computed trends that may indicate the effectiveness of security countermeasures or controls (technical and managerial) as implemented in the organization. _________________________
(True/False)
While the terms may be interchangeable in some organizations, typically the term ____ is used for more granular, detailed measurement, while the term ____ is used for aggregate, higher-level results.
(Multiple Choice)
Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as ____.
(Multiple Choice)
____________________ is defined as "the comprehensive evaluation of the technical and nontechnical security controls of an IT system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements."
(Short Answer)