Created by Melinda Lyles
over 7 years ago

| Question | Answer |
|---|---|
| Successful implementation of information security governance will first require | Updated security policies. |
| Which of the following is characteristic of centralized information security management | Better adherence to policy |
| Retention of business records should primarily be based on | Regulatory and legal requirements |
| Investments in information security technologies should be based on | Value analysis |
| Which of the following represents the major focus of privacy regulations | Identifiable personal data |
| Information security governance is primarily driven by | Business strategy |
| Which of the following would best ensure the success of information security governance within an organization | Steering committee’s approval of security projects |
| The most appropriate role for senior management in supporting information security is the | Approval of policy statements and funding |
| Senior management commitment and support for information security can best be obtained through presentations that | Tie security risks to key business objectives |
| Which of the following should be the first step in developing an information security plan | Analyze the current business strategy |
| Which of the following individuals would be in the best position to sponsor the creation of an information security steering group | Chief operations officer (COO) |
| The most important component of a privacy policy is | Notifications |
| The cost of implementing a security control should not exceed the | Asset value |
| When a security standard conflicts with a business objective the situation should be resolved by | Performing a risk analysis |
| Minimum standards for securing the technical infrastructure should be defined in a security | Architecture |
| Which of the following is most appropriate for inclusion in an information security strategy | Security processes, methods, tools and techniques |
| Senior management commitment and support for information security will best be obtained by an information security manager by emphasizing | Organizational risk |
| Which of the following roles would represent a conflict of interest for an information security manager | Final approval of information security policies |
| Which of the following situations must be corrected first to ensure successful information security governance within an organization | The data center manager has final sign-off on all security projects |
| Which of the following requirements would have the lowest level of priority in information security | Technical |
| When an organization hires a new information security manager which of the following goals should this individual pursue first | Establish good communication with steering committee members |
| It is most important that information security architecture be aligned with which of the following | Business objectives and goals |
| Which of the following is most likely to be discretionary | Guidelines |
| Security technologies should be selected primarily on the basis of their | Ability to mitigate business risks |
| Which of the following are seldom changed in response to technological changes | Policies |
| The most important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in | Application systems and media |
| Which of the following is characteristic of decentralized information security management across a geographically dispersed organization | Better alignment to business unit needs |
| Which of the following is the most appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise | Chief operations officer (COO) |
| Which of the following would be the most important goal of an information security governance program | Ensuring trust in data |
| Relationships among security technologies are best defined through which of the following | Security architecture |
| A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take | Perform a risk analysis to quantify the risk |
| Acceptable levels of information security risk should be determined by | The steering committee |
| The primary goal in developing an information security strategy is to | Support the business objectives of the organization |
| Senior management commitment and support for information security can best be enhanced through | Periodic review of alignment with business management goals |
| When identifying legal and regulatory issues affecting information security which of the following would represent the best approach to developing information security policies | Develop policies that meet all mandated requirements |
| Which of the following most commonly falls within the scope of an information security governance steering committee | Prioritizing information security initiatives |
| Which of the following is the most important factor when designing information security architecture | Stakeholder requirements |
| Which of the following characteristics is most important when looking at prospective candidates for the role of chief information security officer (CISO) | Ability to understand and map organizational needs to security technologies |
| Which of the following are likely to be updated most frequently | Procedures for hardening database servers |
| Who should be responsible for ensuring access rights to application data | Security administrators |
| The chief information security officer should ideally have a direct reporting relationship to the | Chief operations officer (COO) |
| Which of the following is the most essential task for a chief information security officer to perform | Develop an information security strategy paper |
| Developing a successful business case for an acquisition of information security software products can best be assisted by | Calculating return on investment (ROI) projections |
| When an information security manager is developing a strategic plan for information security the timeline for the plan should be | Aligned with the business strategy |
| Which of the following is the most important information to include in a strategic plan for information security | Current state and desired future state |
| Information security projects should be prioritized on the basis of | Impact on the organization |
| Which of the following is the most important information to include in an information security standard | Last review date |
| Which of the following would best prepare an information security manager for regulatory review | Perform self-assessments using regulatory guidelines and reports |
| An information security manager at a global organization that is subject to regulations by multiple governmental jurisdictions with differing requirements should | Establish baseline standards for all locations and add supplemental standards as required |
| Which of the following best describes an information security manager’s role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk | Evaluate the impact of information security risk |