question1. Because no two organizations are alike, different needs require diffe
Question
QUESTION 1
Because no two organizations are alike, different needs require different solutions, and therefore, security professionals can take advantage of a variety of policy frameworks. That means that each organization can determine the appropriate policy framework to meet its organization’s needs and threats.
QUESTION 2
It is important to create an IT security program structure that aligns with program and organizational goals and describes the operating and risk environment. Which of the following is one of the important issues for the structure of the information security program?
QUESTION 3
Which of the following topics describes the process of building security into applications?
QUESTION 4
_______ addresses how specific a policy is with respect to resources.
QUESTION 5
When situations arise in which your organization cannot meet one or more standards immediately, it is vitally important to recognize an exception to standards to determine where problems may exist.
QUESTION 6
The NIST SP 800-53, “Recommended Security Controls for Federal Information Systems” was written using a popular risk management approach. Which of the following control areas best fits this description: “This is the area in which an organization develops, documents, periodically updates, and implements security plans for information systems”?
QUESTION 7
Which of the following statements captures the function of guidelines presented in guidance documents for IT security?
QUESTION 8
Research shows that projects dedicated to information security policies fail due to eight common perceived missteps. Which of the following is not one of the missteps?
QUESTION 9
Motivated employees are far more likely to embrace the implementation of security policies, but this does not correlate to more risks being identified and mitigated for the organization. Rather, it creates a more comfortable work environment.
QUESTION 10
When discussing security policies and implementation tasks, one should follow a checklist with three items: 1) things to do; 2) things to pay attention to; and 3) things to report.
QUESTION 11
For leaders, implementing security policies is all about working through others to gain their support and adhere to the policies. Of the widely accepted leadership rules that apply to security policies, which of the following is not among these rules?
QUESTION 12
In order to convince an organization to adopt security policies, it is necessary for a manager to have some proficiency in ______, which refers to certain social personality traits such as the ability to communicate and project optimism.
QUESTION 13
When you need to discipline employees, it is important to discipline different employees differently for the same policy violation in order to prevent them from becoming complacent. It is necessary to work independently from the human resources department and create your own procedures.
QUESTION 14
One should focus on measuring risk to the business as opposed to implementation of policies and control when tying policy adherence to performance measurement.
QUESTION 15
In order to promote continued learning and development among staff, a security newsletter can be created to offer interesting and captivating ways of comprehending the points outlined in the policy and standards library. Which of the following is not one of the possible article topics to be covered?
QUESTION 16
Which of the following scenarios demonstrates consideration of building consensus on intent?
QUESTION 17
When changes or maintenance need to be performed, it is helpful to use information that describes changes to the organization; these changes often occur when there are common problems concerning compliance.
QUESTION 18
The new class of software available to support policy management and publication is called Governance, Risk, and Compliance (GRC). Which of the following explanations fits the “governance” category of the software?
QUESTION 19
A company that discusses the architecture operating model is well-equipped to identify areas of discord and create a shared set of beliefs on the proper placement and implementation of controls.
QUESTION 20
Transparency is an important concept in policies related to the handling and use of customer data. Organizations should be transparent and should notify individuals of the distribution, use, collection, and maintenance of personally identifiable information (PII). Which of the following elements does not need to be included with regard to handling of customer data?
QUESTION 21
It is human nature to resist working hard unless there is a material outcome to be gained, so the concept of organizational culture is used to identify shared beliefs that employees have regarding financial success.
QUESTION 22
With a framework in place, controls and risk become more measurable. The ability to measure the enterprise against a set of standards and controls assures regulators of compliance and helps reduce uncertainty.
QUESTION 23
A(n)________ aligns strategic goals, operations effectiveness, reporting, and compliance objectives.
QUESTION 24
Of the people working in concert with security teams to ensure data quality and protection, the head of information management is responsible for executing the policies and procedures, such as backup, versioning, uploading, downloading, and database administration.
QUESTION 25
The ________ domain establishes the context and business view for a risk evaluation and guarantees that risk activity aligns with the business goals, objectives, and tolerances. The _______ domain establishes that technology risks are identified and delivered to leadership in business terms.
QUESTION 26
As leaders across the organization, the security team reviews the business processes and determines possible risks and threats. The team works closely with the business to understand any existing threats of fraud.
True
False
QUESTION 27
In the organizational structure, the vendor management team is responsible for managing security concerns involving third parties and vendors. This team conducts an assessment on a vendor before data leaves the organization and is processed by a third party. The concept of separation of duties is often put in place to ensure that data is verified before it leaves the organization.
True
False
QUESTION 28
_______ denotes the use of human interactions to gain any kind of desired access. Most often, this term involves exploiting personal relationships by manipulating an individual into granting access to something a person should not have access to.
QUESTION 1
Security standards provide guidance for achieving specific security policies, are frequently related to particular technologies or products, are used as benchmarks for audit purposes, and are drawn from industry best practices, experience, business drivers, and internal testing.
True
False
QUESTION 2
Of the roles commonly found in the development, maintenance, and compliance efforts related to a policy and standards library, which of the following has the responsibilities of directing policies and procedures designed to protect information resources, identifying vulnerabilities, and developing a security awareness program?
information resources manager
information resources security officer
control partners
CISO
QUESTION 3
Though the position of CISO may also be known by many other titles, the CISO role itself is the top-ranking individual with full-time responsibility for information security.
True
False
QUESTION 4
Because no two organizations are alike, different needs require different solutions, and therefore, security professionals can take advantage of a variety of policy frameworks. That means that each organization can determine the appropriate policy framework to meet its organization’s needs and threats.
True
False
QUESTION 5
The security posture of an organization is usually expressed in terms of ______, which generally refers to how much risk an organization is willing to accept to achieve its goal, and _______, which relates how much variance in the process an organization will accept.
risk assessment, risk manageability
risk tolerance, risk appetite
risk awareness, risk reduction
risk appetite, risk tolerance
QUESTION 6
ISO/IEC 27002 covers the three aspects of the information security management program: managerial, operational, and technical activities. All three must be present in any IT security program for comprehensive coverage.
True
False
QUESTION 7
Security standards provide guidance towards achieving specific security policies. Standards are formal documents that establish: 1) details of how the program runs; 2) who is responsible for day-to-day work; 3) how training and awareness are conducted; and 4) how compliance is handled.
True
False
QUESTION 8
Motivation consists of being enthusiastic, energized, and engaged to achieve a goal or objective. The three basic elements of motivation are pride, self-interest, and success.
True
False
QUESTION 9
Successful security policy implementation in the workplace depends on people understanding key concepts and embracing the material. Thus, people need to be motivated to succeed if they are going to implement such policies. There are three basic elements of motivation: pride, self-interest, and success. Which of the following does not occur when these elements are combined?
individual and team motivation
individuals meeting the basic expectations of their job requirements to be successful
satisfied customers
an increase in bottom-line profits
QUESTION 10
Research shows that projects dedicated to information security policies fail due to eight common perceived missteps. Which of the following is not one of the missteps?
Unclear purpose: This refers to the clarity of value the project brings.
Doubt: This refers to the need for change; it is necessary to explain why what is in place today is not good enough.
Lack of organizational incentives: This refers to the inability to motivate behaviors
Lack of complexity: This refers to an oversimplification of policies that sacrifices depth and nuance.
QUESTION 11
Because it takes time to change an organization’s culture, the ISO must continually monitor security policy compliance. The ISO reports to leadership on the current effectiveness of the security policies and will also have to ask the business to accept any residual risk or come up with a way to reduce it.
True
False
QUESTION 12
It is important for an organization to determine how it wants to manage _______, which means how to group various tasks, and _______, which relates to the number of layers and number of direct reports found in an organization.
division of labor, span of control
span of control, division of labor
separation of duties, flat organizational structure
division of labor, separation of duties
QUESTION 13
One of the basic measurements for assessing whether or not individuals are being held accountable for adherence to security policies is the reported number of security violations by employees. You should investigate any unexplained increases in reported violations to determine why an abnormal number is occurring.
True
False
QUESTION 14
When going through the steps to create a vision for change, it is valuable to find a leader in your organization who can be an agent of change; someone who doesn’t follow the pack, who can think outside the box, and can steer the organization through the politics of creating change.
True
False
QUESTION 15
Security controls are measures taken to protect systems from attacks on the integrity, confidentiality, and availability of the system. If a potential employee is required to undergo a drug screening, which of the following controls is being conducted?
preventive security controls
technical security controls
physical security controls
administrative controls
QUESTION 16
Transparency is an important concept in policies related to the handling and use of customer data. Organizations should be transparent and should notify individuals of the distribution, use, collection, and maintenance of personally identifiable information (PII). Which of the following elements does not need to be included with regard to handling of customer data?
individual participation
purpose specification
response controls
data minimization
QUESTION 17
The main difference between a revision and an update is that the former consists of minor edits, whereas the latter may require changes of major or minor significance.
True
False
QUESTION 18
When a company is following the proportionality principle in its policy creation, the security levels, costs, practices, and procedures are all appropriate and proportionate to the degree of reliance on the system and the value of the data.
True
False
QUESTION 19
One of the vital components of an awareness program is to motivate employees and encourage a healthy organizational culture. Fostering motivation is as significant as mastering a technology because a motivated employee can deal with unpredictable situations and creatively execute policy when needed.
True
False
QUESTION 20
The _________ principle states that it is important to consider your users or partners when requiring information that could place their privacy rights at risk. Thus, the security of an information system should be balanced against the rights of customers, users, and other people affected by the system versus your rights as the owners and operators of these systems.
democracy
least privilege
separation of duty
adversary
QUESTION 21
Among the parties who should be given the chance to become a second or third layer of review is the legal department, which should be called upon for insight into the policy development process. They can offer counsel on current legislation that requires certain types of information to be protected in specific ways.
True
False
QUESTION 22
A(n) _____ is a term used to indicate any unwanted event that takes place outside the normal daily security operations. This type of event relates to a breakdown in controls as identified by the security policies.
strategic risk
security event
financial risk
operational risk
QUESTION 23
The ________ domain establishes the context and business view for a risk evaluation and guarantees that risk activity aligns with the business goals, objectives, and tolerances. The _______ domain establishes that technology risks are identified and delivered to leadership in business terms.
risk governance, risk response
risk response, risk evaluation
risk evaluation, risk governance
risk governance, risk evaluation
QUESTION 24
If a CISO seeks to raise employees’ awareness of the dangers of malware in the organization, which of the following approaches is recommended?
The CISO should distribute a written explanation of the dangers of malware to each employee.
The CISO should arrange for an IT expert on malware to give a presentation to employees.
The CISO should explain the technical way in which malware can infect a machine.
The CISO should talk about how malware could prevent the service desk from helping a customer.
QUESTION 25
While these two approaches have similarities in terms of the topics they address, ___ will cover broad IT management topics and specify which security controls and management need to be installed; however, ___ does not address how to implement specific controls.
ISO, COBIT
COSO, ITIL
COBIT, ISO
ITIL, COSO
QUESTION 26
The domains of the risk IT framework mutually inform each other, creating flexibility and agility. It is possible to uncover a potential threat in the risk governance domain and quickly assess its impact using the risk evaluation domain.
True
False
QUESTION 27
An illustration of ______ would be an organization installing malware software on the network and endpoint, monitoring for suspicious traffic, and responding as needed.
risk governance
disposal of risk
strategic risk
risk evaluation
QUESTION 28
The members of the ______ committee help create priorities, remove obstacles, secure funding, and serve as a source of authority. Members of the ______ committee, however, are leaders across the organization.
executive, security
security, executive
audit, security
executive, operational risk
Explanation / Answer
Please note: As per Chegg answering guidelines, I have answered the first question. Please post separately for separate questions.
Q1)
Because no two organizations are alike, different needs require different solutions, and therefore, security professionals can take advantage of a variety of policy frameworks. That means that each organization can determine the appropriate policy framework to meet its organization’s needs and threats.
Answer)
This is True.
When two organizations are different, the applications of the organizations are going to be different as well, and thus there will be different needs and different solutions. Security professionals can determine the accurate policy framework suited for the organization and thus determine the appropriate policy framework to meet its organization’s needs and threats.