Blog

True or False? Of the different risks that can occur in an IT security framework, events that transpire outside an organization’s domain of control and impact IT operations fall under the category of operational risks.

Many IT security policy frameworks can often be combined to draw upon each of their strengths. Which of the following is not one of the frameworks?

True or False? Risk tolerance is often expressed in terms of a dollar amount.

Isabelle is a security professional. Her organization is considering a major network upgrade, which could result in the network being down occasionally while new features go live. She is evaluating how much risk her organization is willing to accept to achieve its goal. She is determining the impact on the organization versus the likelihood of a network outage. Which of the following is she attempting to determine?

ISO/IEC 27002, “Information Technology

True or False? When an organization accepts a risk, it needs to monitor the risk and create a detective control.

True or False? COSO is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks.

True or False? In the three-lines-of-defense model of risk management, the enterprise risk management program is responsible for controlling risk on a daily basis.

While these two approaches have similarities in terms of the topics they address, __________ covers broad IT management topics and specifies which security controls and management need to be in place, while __________ goes into more detail on how to implement controls but is less specific about the broader IT management over the controls.

Which of the following standards focuses on the secure configuration of a specific system, device, operating system, or application?