The security posture of an organization is usually expressed in terms of __________, which generally refers to how much risk an organization is willing to accept to achieve its goal, and __________, which relates to how much variance in the process an organization will accept.
True or False? One example of granularity is a policy that requires an email server to have a specific configuration in order to be considered secure.
True or False? The purpose of a consequence model is to track policy violations in employee records.
True or False? A well-defined governance and compliance framework provides a structured approach to governance and compliance.
Which of the following statements best describes the function of guidelines in an IT security framework?
True or False? A person with vendor status directly reports to the vendor company, and that company often manages their access.
True or False? Regarding security policies, the term “granularity” indicates how specific the policy is regarding resources or rules. The less granular the policy, the easier it is to enforce and to detect violations.
True or False? ISO/IEC 27002 covers the three aspects of the information security management program: managerial, operational, and technical activities.
True or False? When creating a company’s security policy, it is not necessary that the scope align with the company’s annual information security budget.
True or False? Risk appetite is often expressed by the impact on the organization and the likelihood of something bad happening.