Blog

True or False? When an organization accepts a risk, it needs to monitor the risk and create a detective control.

True or False? COSO is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks.

True or False? In the three-lines-of-defense model of risk management, the enterprise risk management program is responsible for controlling risk on a daily basis.

While these two approaches have similarities in terms of the topics they address, __________ covers broad IT management topics and specifies which security controls and management need to be in place, while __________ goes into more detail on how to implement controls but is less specific about the broader IT management over the controls.

Which of the following standards focuses on the secure configuration of a specific system, device, operating system, or application?

In May 2013, a National Security Agency (NSA) contractor named Edward Snowden leaked thousands of documents to a journalist detailing how the United States implements intelligence surveillance across the Internet. In which of the following sectors did this breach occur?

True or False? The charter establishes the information security program and its framework.

Which of the following statements best captures the role of information security teams in ensuring compliance with laws and regulations?

A chief information security officer (CISO) seeks to raise employee awareness of the dangers of malware in the organization. Which of the following is the best approach?

True or False? Disposal of risk demands either adding a control so risk is diffused or accepting the risk.