Reference no: EM133245676
Questions
1. What are the two types of metrics and how would you define each one (their definition is not in the presentation)?
2. What is the relationship between Information Security Governance and Metrics?
3. What are the four Governance Objectives?
4. Ensuring objectives are achieved requires defining a strategy for what four items?
5. What information is required to make Strategic Decisions?
6. What are the three approaches in "Risks Managed Appropriately?"
7. What general clarifications are needed to verify resources are used responsibly?
8. Define the following terms:
a. Risk tolerance
b. Risk appetite
c. Key Goal Indicators (KGI)
d. Key Performance Indicators (KPI)
e. Critical Success Factors (CSF)
9. Identify some KGIs within security program development.
10. Identify some KPIs within security program development.
11. What is the most important question for business leaders and executives with regard to security metrics?
12. What metric categories might one report to Executives and the Enterprise Risk Committee?
13. What guidance is provided with regard to new metrics?
14. Why should good and bad data be reported?
15. What are the two factors used in reporting metrics?
16. What are the six phases of SDLC?
17. Do any of the Center for Internet Security Top 20 controls relate to application development? If so, what is it called?
18. What percentage of reported vulnerabilities are in applications?
19. What are some of the benefits of DevSecOps?
20. A project is a means to create what?
21. What is the difference between Projects and Operations?
22. What is the Triple Constraint?
23. List the five project life cycle process groups.
24. What is Critical Path?
25. What are the definitions of a goal and an objective?
26. What does "SMART objectives" mean?
27. A well-written objective suggests what?