Information security governance framework

Reference no: EM133478210

Question

1. Successful policies establish what must be done and why it must be done, but not how to do it. Good policy has several characteristics that help to drive success of the policy. Which one of the following is NOT one of those characteristics?

a. Adaptable: The policy can accommodate change.

b. The policy can be codified

c. Realistic: The policy makes sense.

d. Inclusive: The policy scope includes all relevant parties.

2. What is a necessary preliminary step to the development of security controls and policies for protecting information?

a. Information assets of the organization must be classified according to their importance and according to the impact of security breaches involving the information.

b. Information assets of the organization must be classified according to their availability cost and the likelihood that the assets will be compromised or lost.

c. Information assets of the organization must be grouped by their data source and according to the impact of security breaches involving the information.

d. Information assets of the organization must be categorized according to the business need and importance of data in the event of data loss.

3. What is the process of establishing and maintaining a framework and supporting management structure and processes to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk?

a. Information security governance

b. Data governance

c. Information security Policy Framework

d. Information strategy

4. The IT Governance Institute defines five basic outcomes of information security governance that lead to successful integration of information security with the organization's mission [ITGI06]. Which of the following is not one of them?

a. Performance measurement

b. Value Delivery

c. Threat detection

d. Risk management

5. Reporting enables stakeholders to ensure that information security is being managed effectively, and it should include the following:

Information security policy
Risk evaluation
Risk measures and response
Management systems

Why is reporting to stakeholders an important part of the Information Security Governance Framework?

a. Creates organizational synergy

b. Details Performance

c. Fosters innovation

d. Provides Accountability

6. What provides people who deal with information with a concise indication of how to handle and protect that information?

a. Classification

b. Risk management

c. Security controls

d. Threat intelligence

7. When defining Security Direction, the SGP recommends that the governing body include which C-level executive in order to support their activities as well as the activities that are under their direction. Which C-level exec is the SGP referring to?

a. CTO

b. CISO

c. CDO

d. CIO

8. Cybersecurity programs and policies recognize that organizations must be vigilant, resilient, and ready to protect and defend every ingress and egress connection as well as organizational data wherever it is stored, transmitted, or processed.

a. True

b. False

9. Regardless of whether a policy is based on guiding principles or regulatory requirements, its success depends in large part upon how the organization approaches the policy lifecycle. What are the components of the lifecycle?

a. Ideate, Publish, Execute, Adopt

b. Plan, Publish, Revise, Review

c. Develop, Publish, Execute, Revise

d. Develop, Publish, Adopt, Review

10. The first step in this process, according to SP 800-60, is to identify the information types to be classified. The result of this step should be an information taxonomy or catalog of information types. The level of detail, or granularity, must be decided by those involved in security governance. The determination may be based on factors such as the size of the organization, its range of activities, and the perceived overall level of risk.

a. security categorization process

b. data definition process

c. master data management process

d. data governance process

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd