Question 1

Information security governance yields significant benefits.List five.

Accepted Answer

1.An increase in share value for organizations
2.Increased predictability and reduced uncertainty of business operations by lowering information-security-related risks to definable and acceptable levels
3.Protection from the increasing potential for civil or legal liability as a result of information inaccuracy or the absence of due care
4.Optimization of the allocation of limited security resources
5.Assurance of effective information security policy and policy compliance
6.A firm foundation for efficient and effective risk management,process improvement,and rapid incident response
7.A level of assurance that critical decisions are not based on faulty information
8.Accountability for safeguarding information during critical business activities,such as
mergers and acquisitions,business process recovery,and regulatory response.

Question 2

What is the first phase of the SecSDLC?

Accepted Answer

A)  analysis 
B)  investigation 
C)  logical design 
D)  physical design 
A)  analysis 
B)  investigation 
C)  logical design 
D)  physical design B

Question 3

​The ISA 27014:2013 standard promotes five risk management processes,which should be adopted by the organization's executive ​management and its governing board.

Accepted Answer

A) True 
 B)False  False

Question 4

​A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.

Accepted Answer

A) True 
 B)False

Question 5

What is necessary for a top-down approach to the implementation of InfoSec to succeed?

Accepted Answer

For any top-down approach to succeed,hig

Question 6

Which of the following is a key advantage of the bottom-up approach to security implementation?

Accepted Answer

A)  strong upper-management support 
B)  a clear planning and implementation process 
C)  utilizes the technical expertise of the individual administrators 
D)  coordinated planning from upper management 
A)  strong upper-management support 
B)  a clear planning and implementation process 
C)  utilizes the technical expertise of the individual administrators 
D)  coordinated planning from upper management

Question 7

Which of the following explicitly declares the business of the organization and its intended areas of operations?

Accepted Answer

A)  vision statement 
B)  values statement 
C)  mission statement 
D)  business statement 
A)  vision statement 
B)  values statement 
C)  mission statement 
D)  business statement

Question 8

​The individual responsible for the assessment,management,and implementation of information-protection activities in the organization is known as a(n)____________.

Accepted Answer

A)  chief information security officer 
B)  security technician 
C)  security manager 
D)  ​chief technology officer 
A)  chief information security officer 
B)  security technician 
C)  security manager 
D)  ​chief technology officer

Question 9

​Individuals who control,and are therefore responsible for,the security and use of a particular set of information are known as ____________.

Accepted Answer

A)  ​data owners 
B)  ​data custodians 
C)  ​data users 
D)  ​data generators 
A)  ​data owners 
B)  ​data custodians 
C)  ​data users 
D)  ​data generators

Question 10

​ISO 27014:2013 is the ISO 27000 series standard for ____________.

Accepted Answer

A)  ​Governance of Information Security 
B)  ​Information Security Management 
C)  ​Risk Management 
D)  ​Policy Management 
A)  ​Governance of Information Security 
B)  ​Information Security Management 
C)  ​Risk Management 
D)  ​Policy Management

Question 11

​A senior executive who promotes the project and ensures its support,both financially and administratively,at the highest levels of the organization is needed to fill the role of a(n)____________ on a development team.

Accepted Answer

A)  ​champion 
B)  ​end user 
C)  ​team leader 
D)  ​policy developer 
A)  ​champion 
B)  ​end user 
C)  ​team leader 
D)  ​policy developer

Question 12

The ______________________ phase is the last phase of SecSDLC,but perhaps the most important.

Accepted Answer

maintenanc

Question 13

​The individual accountable for ensuring the day-to-day operation of the InfoSec program,accomplishing the objectives identified by the CISO and resolving issues identified by technicians are known as a(n)____________.

Accepted Answer

A)  chief information security officer 
B)  security technician 
C)  security manager 
D)  ​chief technology officer 
A)  chief information security officer 
B)  security technician 
C)  security manager 
D)  ​chief technology officer

Question 14

According to the ITGI,what are the four supervisory tasks a board of directors should perform to ensure strategic InfoSec objectives are being met?

Accepted Answer

Inculcate a culture that recognizes the

Question 15

A 2007 Deloitte report found that valuable approach that can better align security functions with the business mission while offering opportunities to lower costs is ____________.

Accepted Answer

A)  ​​enterprise risk management. 
B)  ​joint application design 
C)  ​security policy review 
D)  ​disaster recovery planning 
A)  ​​enterprise risk management. 
B)  ​joint application design 
C)  ​security policy review 
D)  ​disaster recovery planning

Question 16

_________resources include people,hardware,and the supporting system elements and resources associated with the management of information in all its states.

Accepted Answer

The answer of _________resources include people,hardware,and the supporting system elements...

Question 17

According to the Corporate Governance Task Force (CGTF),which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?

Accepted Answer

A)  Initiating 
B)  Establishing 
C)  Acting 
D)  Learning 
A)  Initiating 
B)  Establishing 
C)  Acting 
D)  Learning

Question 18

Which of the following is true about planning?

Accepted Answer

A)  Strategic plans are used to create tactical plans 
B)  Tactical plans are used to create strategic plans 
C)  Operational plans are used to create tactical plans 
D)  Operational plans are used to create strategic plans 
A)  Strategic plans are used to create tactical plans 
B)  Tactical plans are used to create strategic plans 
C)  Operational plans are used to create tactical plans 
D)  Operational plans are used to create strategic plans

Question 19

​When using the Governing for Enterprise Security (GES)program,an Enterprise Security Program (ESP)should be structured so that governance activities are driven by the organization's executive management,select key stakeholders,as well as the ____________.

Accepted Answer

A)  ​Board Risk Committee 
B)  ​Board Finance Committee 
C)  ​Board Audit Committee 
D)  ​Chairman of the Board 
A)  ​Board Risk Committee 
B)  ​Board Finance Committee 
C)  ​Board Audit Committee 
D)  ​Chairman of the Board

Question 20

What is the values statement and what is its importance to an organization?

Accepted Answer

One of the first positions that manageme

Information security governance yields significant benefits.List five.

What is the first phase of the SecSDLC?

The ISA 27014:2013 standard promotes five risk management processes,which should be adopted by the organization's executive management and its governing board.

A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.

What is necessary for a top-down approach to the implementation of InfoSec to succeed?

Which of the following is a key advantage of the bottom-up approach to security implementation?

Which of the following explicitly declares the business of the organization and its intended areas of operations?

The individual responsible for the assessment,management,and implementation of information-protection activities in the organization is known as a(n)____________.

Individuals who control,and are therefore responsible for,the security and use of a particular set of information are known as ____________.

ISO 27014:2013 is the ISO 27000 series standard for ____________.

A senior executive who promotes the project and ensures its support,both financially and administratively,at the highest levels of the organization is needed to fill the role of a(n)____________ on a development team.

The ______________________ phase is the last phase of SecSDLC,but perhaps the most important.

The individual accountable for ensuring the day-to-day operation of the InfoSec program,accomplishing the objectives identified by the CISO and resolving issues identified by technicians are known as a(n)____________.

According to the ITGI,what are the four supervisory tasks a board of directors should perform to ensure strategic InfoSec objectives are being met?

A 2007 Deloitte report found that valuable approach that can better align security functions with the business mission while offering opportunities to lower costs is ____________.

_________resources include people,hardware,and the supporting system elements and resources associated with the management of information in all its states.

According to the Corporate Governance Task Force (CGTF),which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?

Which of the following is true about planning?

When using the Governing for Enterprise Security (GES)program,an Enterprise Security Program (ESP)should be structured so that governance activities are driven by the organization's executive management,select key stakeholders,as well as the ____________.

What is the values statement and what is its importance to an organization?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

Exam 3: Governance and Strategic Planning for Security

Information security governance yields significant benefits.List five.

What is the first phase of the SecSDLC?

​The ISA 27014:2013 standard promotes five risk management processes,which should be adopted by the organization's executive ​management and its governing board.

​A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.

What is necessary for a top-down approach to the implementation of InfoSec to succeed?

Which of the following is a key advantage of the bottom-up approach to security implementation?

Which of the following explicitly declares the business of the organization and its intended areas of operations?

​The individual responsible for the assessment,management,and implementation of information-protection activities in the organization is known as a(n)____________.

​Individuals who control,and are therefore responsible for,the security and use of a particular set of information are known as ____________.

​ISO 27014:2013 is the ISO 27000 series standard for ____________.

​A senior executive who promotes the project and ensures its support,both financially and administratively,at the highest levels of the organization is needed to fill the role of a(n)____________ on a development team.

The ______________________ phase is the last phase of SecSDLC,but perhaps the most important.

​The individual accountable for ensuring the day-to-day operation of the InfoSec program,accomplishing the objectives identified by the CISO and resolving issues identified by technicians are known as a(n)____________.

According to the ITGI,what are the four supervisory tasks a board of directors should perform to ensure strategic InfoSec objectives are being met?

A 2007 Deloitte report found that valuable approach that can better align security functions with the business mission while offering opportunities to lower costs is ____________.

_________resources include people,hardware,and the supporting system elements and resources associated with the management of information in all its states.

According to the Corporate Governance Task Force (CGTF),which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?

Which of the following is true about planning?

​When using the Governing for Enterprise Security (GES)program,an Enterprise Security Program (ESP)should be structured so that governance activities are driven by the organization's executive management,select key stakeholders,as well as the ____________.

What is the values statement and what is its importance to an organization?

Introduction to the Management of Information Security

Compliance: Law and Ethics

Information Security Policy

Developing the Security Program

Risk Management: Identifying and Assessing Risk

Risk Management: Controlling Risk

Security Management Models

Security Management Practices

Planning for Contingencies

Personnel and Security

Protection Mechanisms

Filters

The ISA 27014:2013 standard promotes five risk management processes,which should be adopted by the organization's executive management and its governing board.

A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.

The individual responsible for the assessment,management,and implementation of information-protection activities in the organization is known as a(n)____________.

Individuals who control,and are therefore responsible for,the security and use of a particular set of information are known as ____________.

ISO 27014:2013 is the ISO 27000 series standard for ____________.

A senior executive who promotes the project and ensures its support,both financially and administratively,at the highest levels of the organization is needed to fill the role of a(n)____________ on a development team.

The individual accountable for ensuring the day-to-day operation of the InfoSec program,accomplishing the objectives identified by the CISO and resolving issues identified by technicians are known as a(n)____________.

When using the Governing for Enterprise Security (GES)program,an Enterprise Security Program (ESP)should be structured so that governance activities are driven by the organization's executive management,select key stakeholders,as well as the ____________.