The risk treatment option of applying controls to reduce risk is known as:
The risk treatment option of deliberately operating without applying one of the other treatment options available is known as
A security policy must be so written that it can be understood by
These are created by various third-party organizations and are designed to provide a framework to assist organizations in building their information security program
Residual risk is defined as
Compliance is the act of conforming to:
The risk treatment option of reassigning accountability for a risk to another entity or organization is known as
These exist to guide the processes of identifying, treating, and monitoring information security risks in an organization.
Controls are implemented to:
__________ is a central repository where risks and risk treatments are stored and regularly reviewed.
If you were CISO of a company that primarily does business with the U.S. government and had to design an information security program which framework would be most appropriate?
What financial tool would a CISO use to ensure that the cost of security controls cannot exceed the value of the information or assets being protected?
Which of the following articles has the least impact on the development of an organization’s information security policies, standards, and procedures?
Governance, Risk, and _______ are the 3 things that account for nearly half of a CISO’s time.
If a risk would cause $800,000 in damages and $200,000 in clean-up costs and the likelihood of the risk manifesting is 5%, what would be the Annual Loss Expectation?
The maturity of an organization influences its overall governance, which in turn influences the governance of the information security program. What size of company would be more likely to have a higher level of maturity?
How would you demonstrate an organization’s commitment to adhere to legal and regulatory requirements?
In the case of business leadership choosing a different risk treatment from the one the CISO recommended, what position does the CISO take?