Which of the following should an information security manager primarily use when proposing the implementation of a security solution?

What would a security manager primarily utilize when proposing the implementation of a security solution?

What would a security manager PRIMARILY utilize when proposing the implementation of a security solution? … The information security manager must look at the costs of the various controls and compare them against the benefit the organization will receive from the security solution.

Which of the following should be the primary objective when developing an information security strategy?

The PRIMARY goal in developing an information security strategy is to: … The business objectives of the organization supersede all other factors. Establishing metrics and measuring performance, meeting legal and regulatory requirements, and educating business process owners are all subordinate to this overall goal.

What is the primary role of the information security manager in the process of information classification within an organization?

The chief information security officer (CISO) is responsible for security and carrying out senior management’s directives. The chief information officer (CIO) is responsible for information technology within the organization and is not ultimately responsible for the organization’s information.

How should an information security manager balance the potentially conflicting requirements of an international organization’s security standards with local regulations?

How would an information security manager balance the potentially conflicting requirements of an international organization’s security standards and local regulation? Explanation: Adherence to local regulations must always be the priority. Not following local regulations can prove detrimental to the group organization.

Which of the following is the most important delivery outcome of information security governance?

For organizations that had completed or were completing an information security governance project, the most important expected outcome was regulatory compliance (4.3) followed by risk management and strategic alignment with the business.

Which of the following is the most likely outcome from the implementation of a security governance framework?

An outcome of effective security governance is:

risk assessment.

Which of the following is the primary focus for information security?

Information security’s primary focus is the balanced protection of the confidentiality, integrity, and availability of data (also known as the CIA triad) while maintaining a focus on efficient policy implementation, all without hampering organization productivity.

What is the primary objective of security awareness?

The PRIMARY objective of security awareness is to:

notify of actions for noncompliance. Explanation: It is most important that security-conscious behavior be encouraged among employees through training that influences expected responses to security incidents.

Which of the following is a primary goal of an information security program?

The main objectives of InfoSec are typically related to ensuring confidentiality, integrity, and availability of company information.

Which of the following actions should the information security manager take first on finding that current controls are not sufficient to prevent a serious compromise?

Which of the following actions should the information security manager take FIRST on finding that current controls are not sufficient to prevent a serious compromise? Reassess the risk.

Which of the following is the primary responsibility of the information security Steering Committee?

The role of the corporate security steering committee is to coordinate corporate security initiatives at the executive level and thus enable an organization to optimize spending, manage their infrastructure and minimize security risk.

Who should be primarily responsible for defining a security asset classification scheme?

Responsibility for ensuring that Information Assets have a security classification is authorised by the Information System Custodian (refer to Information Asset and Security Classification Schedule – Table 1).