Deck 2: Planning for Security
1
In order to build programs suited to their needs, organizations should conduct an annual information security evaluation, the results of which the CISO should review with staff and then report to the board of directors.
False
2
A clearly directed strategy flows from top to bottom.
True
3
Benefits of Information Security Governance include optimization of the allocation of limited security safeguards.
False
4
Because it sets out general business intentions, a mission statement does not need to be concise.
5
A good general governance framework based on the IDEAL model includes initiating, developing, evaluating, acting and leading.
6
Penetration testing is often conducted by consultants or outsourced contractors, who are commonly referred to as hackers, ninja teams or black teams.
7
Strategic planning has a more short-term focus than tactical planning.
8
The primary goal of internal monitoring is to maintain an informed awareness of the state of all of the organization's networks, information systems, and information security defenses.
9
The security governance responsibilities of mid-level managers in the organization include implementing, auditing, enforcing and assessing compliance.
10
A vision statement is meant to be a factual depiction of the current state of the organization.
11
According to the Information Technology Governance Institute (ITGI), information security governance includes all of the accountabilities and methods undertaken by the board of directors and executive management to provide strategic direction and establishment of objectives.
12
The success of information security plans can be enhanced by using a formal methodology like that of the systems development life cycle.
13
Vision statements should be ambitious.
14
Boards of Directors for Information Security Governance should follow essential practices including identifying information security leaders, holding them accountable and ensuring support for them.
15
The CISO plays a more active role in the development of the planning details than does the CIO.
16
Information security governance consists of the leadership, organizational structures, and processes that safeguard information. Critical to the success of these structures and processes is effective interoperability between all parties, which requires constructive relationships, a common language, and shared commitment to addressing the issues.
17
CISOs use the operational plan to organize, prioritize, and acquire resources for major projects.
18
The champion in a top-down approach to security implementation is usually a network administrator.
19
Implementation of information security can be accomplished only with a top-down approach.
20
The basic outcomes of information security governance should include strategic alignment of information security with business strategy to support strategic planning.
21
A bottom-up approach to information security implementation begins with ____ who seek to improve the security of their systems.
22
According to Information Security Roles and Responsibilities Made Easy, the Chief Information Security Officer must understand the fundamental ____ activities performed by the company and, based on this understanding, suggest appropriate information security solutions that uniquely protect these activities.
23
In order to build security programs suited to their needs, the CGTF recommends organizations conduct periodic testing and evaluation of the ____ of information security policies and procedures.
24
Information security governance benefits include increased predictability and reduced uncertainty of ____ by lowering information-security-related risks to definable and acceptable levels.
25
Some companies refer to ____ planning as intermediate planning.
26
____ planning is the basis for the long-term direction taken by the organization.
27
Organizations following the IDEAL Governance framework would determine where you are relative to where you want to be in the ____ phase.
28
____ plans are used to create tactical plans.
29
Information security governance includes all of the accountabilities and methods undertaken by the board of directors and executive management to provide strategic direction, verification that ____ practices are appropriate, and validation that the organization's assets are used properly.
30
In a(n) ____, a problem is solved based on a structured sequence of procedures.
31
The ____ approach to security implementation might begin as a grass-roots effort in which systems administrators attempt to improve the security of their systems.
32
The information security governance framework generally includes a comprehensive security strategy explicitly linked with business and IT ____.
33
A(n) ____ is an identified weakness of a controlled information asset and is the result of absent or inadequate controls.
34
Boards of directors should supervise strategic information security objectives by verifying that management's investment in information security is properly aligned with organizational strategies and the organization's ____ environment.
35
The impetus to begin a SDLC-based project may be either event-driven or ____.
36
According to NACD, boards of directors should identify information security ____, hold them accountable, and ensure support for them.
37
The primary role of the chief ____ officer is to oversee overall "corporate security posture" for which he/she is accountable to the board.
38
The basic outcomes of information security governance should include risk management by executing appropriate measures to manage and mitigate ____ to information resources.
39
The ____ of a business is like its identity card.
40
The CISO is also known as the chief security officer, director of information ____ or information security manager.
41
According to the Corporate Governance Task Force (CGTF), in order to build programs suited to their needs, organizations should do all but which of the following?
A) Create and execute a plan for punitive action for employees who fail to resolve information security deficiencies
B) Use security best practices guidance, such as ISO 17799, to measure information security performance
C) Establish plans, procedures, and tests to provide continuity of operations
D) Develop plans and initiate actions to provide adequate information security for networks, facilities, systems, and information
42
Operational plans are used by ____.
A) managers
B) security managers
C) the CISO
D) the CIO
43
The basic outcomes of information security governance should include all but which of the following?
A) Value delivery by optimizing information security investments in support of organizational objectives
B) Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
C) Resource management by executing appropriate measures to manage and mitigate risks to information technologies
D) Resource management by utilizing information security knowledge and infrastructure efficiently and effectively
44
The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?
A) Place information security at the top of the board's agenda
B) Assign information security to a key committee and ensure adequate support for that committee
C) Ensure the effectiveness of the corporation's information security policy through review and approval
D) Identify information security leaders, hold them accountable, and ensure support for them
45
The ____ statement contains a formal set of organizational principles, standards, and qualities.
A) vision
B) mission
C) values
D) business
46
The long-term direction taken by the organization is based on ____ planning.
A) strategic
B) tactical
C) operational
D) managerial
47
The information security governance framework generally consists of which of the following?
A) Security policies that address each aspect of strategy, control, and regulation
B) A security strategy that talks about the value of information technologies protected
C) Institutionalized monitoring processes to ensure compliance and provide feedback on effectiveness and mitigation of risk
D) All of these are components of the information security governance framework
48
Which of the following is NOT a significant benefit of information security governance?
A) Optimization of the allocation of limited security resources
B) A level of assurance that critical decisions are not based on faulty information
C) Increased predictability and reduced uncertainty of business operations by lowering information security-related risks to definable and acceptable levels
D) All of these are benefits of information security governance
49
The ____ explicitly declares the business of the organization and its intended areas of operations.
A) vision statement
B) values statement
C) mission statement
D) business statement
50
Budgeting, resource allocation, and manpower are critical components of the ____ plan.
A) strategic
B) operational
C) organizational
D) tactical
51
According to the Corporate Governance Task Force (CGTF), in order to build programs suited to their needs, organizations should do all but which of the following?
A) Conduct periodic testing and evaluation of the effectiveness of information security policies and procedures
B) Establish a security management structure to assign explicit individual roles, responsibilities, authority, and accountability
C) Conduct an annual information security evaluation, the results of which the CISO should review with security staff and then report to the board of directors
D) Implement policies and procedures based on risk assessments to secure information assets
52
Information security ____ must be addressed at the highest levels of an organization's management team in order to be effective and offer a sustainable approach.
A) objectives
B) plans
C) governance
D) practices
53
Which of the following is true about mission statements?
A) They should be ambitious
B) They express what the organization is
C) They express the aspirations of the organization
D) They are not meant to be probable
54
____ statements are meant to express the aspirations of the organization.
A) Mission
B) Vision
C) Values
D) Business
55
Vision statements are meant to be ____.
A) probable
B) realistic
C) factual
D) ambitious
56
According to the ITGI, boards of directors should supervise strategic information security objectives by all but which of the following?
A) Inculcating a culture that recognizes the criticality of information and information security to the organization
B) Verifying that management's investment in information security is properly aligned with organizational budgets and the organization's financial environment
C) Assuring that a comprehensive information security program is developed and implemented
D) Demanding reports from the various layers of management on the information security program's effectiveness and adequacy
57
____ plans are used to organize the ongoing, day-to-day performance of tasks.
A) Strategic
B) Tactical
C) Organizational
D) Operational
58
Tactical planning is also referred to as ____.
A) strategic planning
B) project planning
C) organizational planning
D) operational planning
59
Which of the following is true?
A) Strategic plans are used to create tactical plans
B) Tactical plans are used to create strategic plans
C) Operational plans are used to create tactical plans
D) Operational plans are used to create strategic plans
60
Tactical planning usually has a focus of ____.
A) one to five days
B) one to three months
C) one to three years
D) five or more years
61
According to the Corporate Governance Task Force (CGTF), which phase in the IDEAL model and framework lays the groundwork for a successful improvement effort?
A) Initiating
B) Establishing
C) Acting
D) Learning
62
Which of the following is an information security governance responsibility of the organization's employees?
A) Communicate policies and the program
B) Set security policy, procedures, programs and training for the organization
C) Brief the board, customers and the public
D) Implement policy, report security vulnerabilities and breaches
63
A ____ is a formal approach to solving a problem based on a structured sequence of procedures.
A) plan
B) methodology
C) program
D) control
64
Which of the following is a characteristic of the bottom-up approach to security implementation?
A) Strong upper-management support
B) A clear planning and implementation process
C) Systems administrators attempting to improve the security of their systems
D) Ability to influence organizational culture
65
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of how it will reach its destination?
A) Initiating
B) Establishing
C) Acting
D) Learning
66
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization do the work according to the plan?
A) Initiating
B) Establishing
C) Acting
D) Learning
67
A SDLC-based project may be started by an event-driven or a ____ impetus.
A) plan-driven
B) process-driven
C) sequence-driven
D) personnel-driven
68
A(n) ____ is a category of objects, persons or other entities that represent a constant threat to an asset.
A) threat
B) vulnerability
C) risk
D) exploit
69
In the ____ phase of the security systems development life cycle (SecSDLC), the information obtained during the analysis phase is used to develop a proposed system-based solution for the business problem.
A) logical design
B) physical design
C) investigation
D) implementation
70
At the end of the investigation phase of the security systems development life cycle (SecSDLC), a ____ analysis is performed.
A) effort-value
B) value
C) worthiness
D) feasibility
71
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization improve its ability to adopt new improvements in the future?
A) Initiating
B) Establishing
C) Acting
D) Learning
72
In the security systems development life cycle (SecSDLC), the work products of each phase fall into the next phase to serve as its starting point, which is known as the ____ model.
A) continuous
B) cycle-based
C) circular
D) waterfall
73
The ____ phase of the security systems development life cycle (SecSDLC) assesses the organization's readiness, its current systems status, and its capability to implement and then support the proposed systems.
A) physical design
B) implementation
C) investigation
D) analysis
74
The first phase of the security systems development life cycle (SecSDLC) is the ____ phase.
A) analysis
B) investigation
C) logical design
D) physical design
75
A SDLC-based project that is the result of a carefully developed strategy is said to be ____.
A) employee-driven
B) plan-driven
C) sequence-driven
D) event-driven
76
A(n) ____ is a category of objects, persons or other entities that represent a constant threat to an asset.
A) threat
B) vulnerability
C) risk
D) exploit
77
Which of the following is an information security governance responsibility of the CISO?
A) Communicate policies and the program
B) Set security policy, procedures, programs and training for the organization
C) Brief the board, customers and the public
D) Implement policy, report security vulnerabilities and breaches
78
Which of the following is an information security governance responsibility of the CEO?
A) Communicate policies and the program
B) Set security policy, procedures, programs and training for the organization
C) Brief the board, customers and the public
D) Implement policy, report security vulnerabilities and breaches
79
A(n) ____ approach to security implementation is frequently referred to as a grass-roots effort.
A) SDLC
B) SecSDLC
C) top-down
D) bottom-up
80
At the end of each phase of the security systems development life cycle (SecSDLC), a ____ takes place.
A) brainstorming session
B) structured discussion
C) structured review
D) planning session