If a security policy clearly distinguishes the responsibilities of computer services providers from those of the managers of applications who use the computer services, which of the following goals is served?
Carl is a security professional. He needs to ensure the confidentiality of his company’s emails. Which of the following would be least helpful in ensuring confidentiality?
True or False? Of the different risks that can occur in an IT security framework, events that transpire outside an organization’s domain of control and impact IT operations fall under the category of operational risks.
Many IT security policy frameworks can often be combined to draw upon each of their strengths. Which of the following is not one of the frameworks?
True or False? Risk tolerance is often expressed in terms of a dollar amount.
Isabelle is a security professional. Her organization is considering a major network upgrade, which could result in the network being down occasionally while new features go live. She is evaluating how much risk her organization is willing to accept to achieve its goal. She is determining the impact on the organization versus the likelihood of a network outage. Which of the following is she attempting to determine?
ISO/IEC 27002, “Information Technology
True or False? When an organization accepts a risk, it needs to monitor the risk and create a detective control.
True or False? COSO is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks.
True or False? In the three-lines-of-defense model of risk management, the enterprise risk management program is responsible for controlling risk on a daily basis.