Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
20 Cards in this Set
- Front
- Back
|
____ work directly with data owners and are responsible for the storage, maintenance and protection of the information.
|
Data custodians
|
|
|
The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?
|
Place information security at the top of the board’s agenda
|
|
|
The ____ phase is typically the most important phase of the security systems development life cycle (SecSDLC).
|
maintenance
|
|
|
The ____ explicitly declares the business of the organization and its intended areas of operations.
|
mission statement
|
|
|
According to the Corporate Governance Task Force (CGTF), in order to build programs suited to their needs, organizations should do all but which of the following?
|
Create and execute a plan for punitive action for employees who fail to resolve information security deficiencies
|
|
|
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization plan the specifics of who it will reach its destination?
|
Establishing
|
|
|
The basic outcomes of information security governance should include all but which of the following?
|
Resource management by executing appropriate measures to manage and mitigate risks to information technologies
|
|
|
Which of the following is an information security governance responsibility of the organization’s employees?
|
Implement policy, report security vulnerabilities and breaches
|
|
|
A ____ is a feature left behind by system designers or maintenance staff.
|
back door
|
|
|
Which of the following is a characteristic of the bottom-up approach to security implementation?
|
Systems administrators attempting to improve the security of their systems
|
|
|
In the ____ phase of the security systems development life cycle (SecSDLC), the information obtained during the analysis phase is used to develop a proposed system-based solution for the business problem.
|
logical design
|
|
|
____ controls set the direction and scope of the security process and provide detailed instructions for its conduct.
|
Managerial
|
|
|
Operational plans are used by ____.
|
managers
|
|
|
The ____ statement contains a formal set of organizational principles, standards, and qualities.
|
values
|
|
|
According to the Corporate Governance Task Force (CGTF), during which phase in the IDEAL model and framework does the organization do the work according to the plan?
|
Acting
|
|
|
According to the Corporate Governance Task Force (CGTF), in order to build programs suited to their needs, organizations should do all but which of the following?
|
Conduct an annual information security evaluation, the results of which the CISO should review with security staff and then report to the board of directors
|
|
|
The information security governance framework generally consists of which of the following?
|
A security strategy that talks about the value of information technologies protected
|
|
|
____ commonly specify who can access a particular set of information.
|
Data owners
|
|
|
Vision statements are meant to be ____.
|
ambitious
|
|
|
At the end of each phase of the security systems development life cycle (SecSDLC), a ____ takes place.
|
structured review
|
