Information security governance framework

Reference no: EM133478210

Question

1. Successful policies establish what must be done and why it must be done, but not how to do it. Good policy has several characteristics that help to drive success of the policy. Which one of the following is NOT one of those characteristics?

a. Adaptable: The policy can accommodate change.

b. The policy can be codified.

c. Realistic: The policy makes sense.

d. Inclusive: The policy scope includes all relevant parties.

2. What is a necessary preliminary step to the development of security controls and policies for protecting information?

a. Information assets of the organization must be classified according to their importance and according to the impact of security breaches involving the information.

b. Information assets of the organization must be classified according to their availability cost and the likelihood that the assets will be compromised or lost.

c. Information assets of the organization must be grouped by their data source and according to the impact of security breaches involving the information.

d. Information assets of the organization must be categorized according to the business need and importance of data in the event of data loss.

3. What is the process of establishing and maintaining a framework and supporting management structure and processes to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk?

a. Information security governance

b. Data governance

c. Information security Policy Framework

d. Information strategy

4. The IT Governance Institute defines five basic outcomes of information security governance that lead to successful integration of information security with the organization's mission [ITGI06]. Which of the following is not one of them?

a. Performance measurement

b. Value Delivery

c. Threat detection

d. Risk management

5. Reporting enables stakeholders to ensure that information security is being managed effectively, and it should include the following:

Information security policy
Risk evaluation
Risk measures and response
Management systems

Why is reporting to stakeholders an important part of the Information Security Governance Framework?

a. Creates organizational synergy

b. Details Performance

c. Fosters innovation

d. Provides Accountability

6. What provides people who deal with information with a concise indication of how to handle and protect that information?

a. Classification

b. Risk management

c. Security controls

d. Threat intelligence

7. When defining Security Direction, the SGP recommends that the governing body include which C-level executive in order to support their activities as well as the activities that are under their direction. Which C-level exec is the SGP referring to?

a. CTO

b. CISO

c. CDO

d. CIO

8. Cybersecurity programs and policies recognize that organizations must be vigilant, resilient, and ready to protect and defend every ingress and egress connection as well as organizational data wherever it is stored, transmitted, or processed.

a. True

b. False

9. Regardless of whether a policy is based on guiding principles or regulatory requirements, its success depends in large part upon how the organization approaches the policy lifecycle. What are the components of the lifecycle?

a. Ideate, Publish, Execute, Adopt

b. Plan, Publish, Revise, Review

c. Develop, Publish, Execute, Revise

d. Develop, Publish, Adopt, Review

10. The first step in this process, according to SP 800-60, is to identify the information types to be classified. The result of this step should be an information taxonomy or catalog of information types. The level of detail, or granularity, must be decided by those involved in security governance. The determination may be based on factors such as the size of the organization, its range of activities, and the perceived overall level of risk.

a. security categorization process

b. data definition process

c. master data management process

d. data governance process


All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd