Exam 9: Security Management Practices
Standardization is an attempt to improve information security practices by comparing an organization's efforts against those of a similar organization or an industry-developed standard to produce results it would like to duplicate. ____________
(True/False)
Using a practice called baselining, you are able to develop policy based on the typical practices of the industry in which you are working.
(True/False)
Attaining certification in security management is a long and difficult process, but once attained, an organization remains certified for the life of the organization.
(True/False)
Recommended practices are those security efforts that seek to provide a superior level of performance in the protection of information. ____________
(True/False)
The InfoSec measurement development process recommended by NIST is divided into two major activities. Which of the following is one of them?
(Multiple Choice)
One of the critical tasks in the measurement process is to assess and quantify what will be measured and how it is measured. ____________
(True/False)
Which of the following is the first phase in the NIST process for performance measurement implementation?
(Multiple Choice)
Describe the three-tier approach of the RMF as defined by NIST SP 800-37.
(Essay)
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
(Multiple Choice)
Which of the following is Tier 3 (indicating environment of operation) of the tiered risk management approach?
(Multiple Choice)
Why must you do more than simply list the InfoSec measurements collected when reporting them? Explain.
(Essay)
When choosing from among recommended practices, an organization should consider a number of questions. List four.
(Essay)
On what do measurements collected from production statistics greatly depend? Explain your answer.
(Essay)
What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?
(Multiple Choice)
A goal of 100 percent employee InfoSec training as an objective for the training program is an example of a performance __________.
(Short Answer)
Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?
(Multiple Choice)
Before beginning the process of designing, collecting, and using measures, the CISO should be prepared to answer the following questions posed by Kovacich. List four of these questions.
(Essay)
Which of the following is NOT a question a CISO should be prepared to answer, about a performance measures program, according to Kovacich?
(Multiple Choice)
An attempt to improve information security practices by comparing an organization's efforts against practices of a similar organization or an industry-developed standard to produce results it would like to duplicate.
(Multiple Choice)