Blog

True or False? A procedure is a high-level statement, belief, goal, or objective.

True or False? A good source for information on continuous improvement is an employee departing an organization.

Hajar is an IT auditor. She needs to perform a regulatory compliance audit of an IT infrastructure. Which of the following is the least useful resource for this situation?

True or False? Motivated employees are more likely to embrace the implementation of security policies, but this does not correlate to more risks being identified and mitigated for the organization.

The members of the __________ committee help create priorities, remove roadblocks, secure funding, and act as a source of authority. Members of the __________ committee provide important information on the risk appetite of the organization.

True or False? One should focus on measuring risk to the business as opposed to implementation of policies and control when tying policy adherence to performance measurement.

Particular roles within the seven domains of a typical IT infrastructure are responsible for data handling and data quality. Which of the following individuals is responsible for maintaining the quality of data?

Arturo works for a product-testing company. He spends many hours testing the optimal settings for a piece of safety equipment used in factories. One day, the company experiences a power surge that alters the data stored in the testing database. As a result, the company uses incorrect data to recommend equipment settings and jeopardizes the safety of factory workers. Which of the following is most closely related to this scenario?

In the financial services sector, some organizations have implemented a three-lines-of defense model. What does the use of this model suggest about an organization’s structure?

Apathy can have detrimental effects on information security. Engaged communication is one strategy that can be implemented to overcome the effects of apathy. Which of the following statements further elaborates this strategy?