Exam 9: Security Management Practices
Which of the following InfoSec measurement specifications makes it possible to define success in the security program?
(Multiple Choice)
List the four factors critical to the success of an InfoSec performance program, according to NIST SP 800-55, Rev. 1.
(Essay)
Performance measurements are seldom required in today's regulated InfoSec environment.
(True/False)
Those security efforts that are considered among the best in the industry.
(Multiple Choice)
In security management, which of the following is issued by a management official and serves as a means of assuring that systems are of adequate quality?
(Multiple Choice)
____________________ encompasses a requirement that the implemented standards continue to provide the required level of protection.
(Short Answer)
A company striving for 'best security practices' makes every effort to establish security program elements that meet every minimum standard in their industry.
(True/False)
A standard of due process is a legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances. ____________
(True/False)
The biggest barrier to baselining in InfoSec is the fact that many organizations do not share warnings with other organizations. ____________
(True/False)
The authorization by an oversight authority of an IT system to process, store, or transmit information is known as certification. ____________
(True/False)
A comprehensive assessment of a system's technical and nontechnical protection strategies, as specified by a particular set of requirements, is known as accreditation. ____________
(True/False)
Those procedures that provide a superior level of security for an organization's information.
(Multiple Choice)
Best security practices balance the need for user _____________ to information with the need for adequate protection while simultaneously demonstrating fiscal responsibility.
(Short Answer)
A performance measure is an assessment of the performance of some action or process against which future performance is assessed. _____________
(True/False)
What are the two major activities into which the InfoSec measurement development process recommended by NIST is divided?
(Essay)
Problems with benchmarking include all but which of the following?
(Multiple Choice)
The last phase in the NIST performance measures implementation process is to apply ______________ actions, which close the gap found in Phase 2.
(Short Answer)
Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?
(Multiple Choice)
The Authorize step of the NIST six-step approach to the risk management framework involves all but which of the following tasks?
(Multiple Choice)