True or False? Basic security awareness training is sufficient for chief information officers (CIOs).
All of the following are true of IT policy frameworks, except:
True or False? The Sarbanes-Oxley (SOX) Act requires publicly traded companies to maintain internal controls that ensure the integrity of financial statements to the Securities and Exchange Commission (SEC) and shareholders.
True or False? As the people responsible for ensuring data quality within the business unit, data stewards are the owners of the data.
True or False? Integrity broadly means limiting disclosure of information to authorized individuals.
The information security program charter is the capstone document for the information security program. This required document establishes the information security program and its framework. Which of the following components is not defined by this high-level policy?
True or False? Though security awareness is widely recommended, the only federal mandate that requires an organization to have a security awareness program is the Gramm-Leach-Bliley Act.
Which of the following policy frameworks is a widely accepted set of documents that is commonly used as the basis for an information security program and is an ISACA initiative?
True or False? Best practices are typically the common practices and the professional care expected for an industry.
The security posture of an organization is usually expressed in terms of __________, which generally refers to how much risk an organization is willing to accept to achieve its goal, and __________, which relates to how much variance in the process an organization will accept.