Isabelle is a security professional. Her organization is considering a major network upgrade, which could result in the network being down occasionally while new features go live. She is evaluating how much risk her organization is willing to accept to achieve its goal. She is determining the impact on the organization versus the likelihood of a network outage. Which of the following is she attempting to determine?
ISO/IEC 27002, “Information Technology
True or False? When an organization accepts a risk, it needs to monitor the risk and create a detective control.
True or False? COSO is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks.
True or False? In the three-lines-of-defense model of risk management, the enterprise risk management program is responsible for controlling risk on a daily basis.
While these two approaches have similarities in terms of the topics they address, __________ covers broad IT management topics and specifies which security controls and management need to be in place, while __________ goes into more detail on how to implement controls but is less specific about the broader IT management over the controls.
Which of the following standards focuses on the secure configuration of a specific system, device, operating system, or application?
In May 2013, a National Security Agency (NSA) contractor named Edward Snowden leaked thousands of documents to a journalist detailing how the United States implements intelligence surveillance across the Internet. In which of the following sectors did this breach occur?
True or False? The charter establishes the information security program and its framework.
Which of the following statements best captures the role of information security teams in ensuring compliance with laws and regulations?