Multiple Choice
Which of the following statements about the maintenance and review of information security policies is NOT true?
A) The review and maintenance of security policies should be tied to the performance evaluations of accountable individuals.
B) Review requirements should be included in the security policies themselves.
C) When business requirements change, security policies should be reviewed to confirm that policies reflect the new business requirements.
D) Functional users and information custodians are ultimately responsible for the accuracy and relevance of information security policies.
E) In the absence of changes to business requirements and processes, information-security policy reviews should be annual.
Correct Answer:
Verified
Correct Answer:
Verified
Q34: When should procedures be evaluated?<br>A) When new
Q35: Maintenance of the Business Continuity Plan (BCP)
Q36: Distinguish between the role of the data
Q37: Which type of Business Continuity Plan (BCP)
Q38: Why does the (ISC)2 access-control systems and
Q40: Which TWO of the following items should
Q41: ----------- is issued by senior management, and
Q42: When attempting to identify OPSEC indicators, information-security
Q43: Which of the following is a cost-effective
Q44: A(n) _ occurs when intrusion-detection measures fail