The information security program charter is the capstone document for the information security program. This required document establishes the information security program and its framework. Which of the following components is not defined by this high-level policy?
True or False? Though security awareness is widely recommended, the only federal mandate that requires an organization to have a security awareness program is the Gramm-Leach-Bliley Act.
Which of the following policy frameworks is a widely accepted set of documents that is commonly used as the basis for an information security program and is an ISACA initiative?
True or False? Best practices are typically the common practices and the professional care expected for an industry.
The security posture of an organization is usually expressed in terms of __________, which generally refers to how much risk an organization is willing to accept to achieve its goal, and __________, which relates to how much variance in the process an organization will accept.
True or False? One example of granularity is a policy that requires an email server to have a specific configuration in order to be considered secure.
True or False? The purpose of a consequence model is to track policy violations in employee records.
True or False? A well-defined governance and compliance framework provides a structured approach to governance and compliance.
Which of the following statements best describes the function of guidelines in an IT security framework?
True or False? A person with vendor status directly reports to the vendor company, and that company often manages their access.