Blog

True or False? A person with vendor status directly reports to the vendor company, and that company often manages their access.

True or False? Regarding security policies, the term “granularity” indicates how specific the policy is regarding resources or rules. The less granular the policy, the easier it is to enforce and to detect violations.

True or False? ISO/IEC 27002 covers the three aspects of the information security management program: managerial, operational, and technical activities.

True or False? When creating a company’s security policy, it is not necessary that the scope align with the company’s annual information security budget.

True or False? Risk appetite is often expressed by the impact on the organization and the likelihood of something bad happening.

True or False? When situations arise in which an organization cannot meet one or more standards immediately, it is important to recognize an exception to standards to determine where problems may exist.

If a security policy clearly distinguishes the responsibilities of computer services providers from those of the managers of applications who use the computer services, which of the following goals is served?

Carl is a security professional. He needs to ensure the confidentiality of his company’s emails. Which of the following would be least helpful in ensuring confidentiality?

True or False? Of the different risks that can occur in an IT security framework, events that transpire outside an organization’s domain of control and impact IT operations fall under the category of operational risks.

Many IT security policy frameworks can often be combined to draw upon each of their strengths. Which of the following is not one of the frameworks?