Blog

Security policies that clarify and explain how rights are assigned and approved among employees can ensure that people have only the access needed for their jobs. Which of the following is not accomplished when prior access is removed?

True or False? As leaders across the organization, security committee members review business processes and determines possible risks and threats. The team works closely with the business to understand any existing threats of fraud.

True or False? Basic security awareness training is sufficient for chief information officers (CIOs).

All of the following are true of IT policy frameworks, except:

True or False? The Sarbanes-Oxley (SOX) Act requires publicly traded companies to maintain internal controls that ensure the integrity of financial statements to the Securities and Exchange Commission (SEC) and shareholders.

True or False? As the people responsible for ensuring data quality within the business unit, data stewards are the owners of the data.

True or False? Integrity broadly means limiting disclosure of information to authorized individuals.

The information security program charter is the capstone document for the information security program. This required document establishes the information security program and its framework. Which of the following components is not defined by this high-level policy?

True or False? Though security awareness is widely recommended, the only federal mandate that requires an organization to have a security awareness programs is the Gramm-Leach-Bliley Act.

Which of the following policy frameworks is a widely accepted set of documents that is commonly used as the basis for an information security program and is an ISACA initiative?