Blog

True or False? Where governance, risk management, and compliance (GRC) takes a broad look at risk, enterprise risk management (ERM) is technology-focused.

True or False? Security standards provide guidance towards achieving specific security policies.

True or False? It is possible to discover a potential threat in the Risk Governance domain of the ISACA Risk IT framework and quickly assess its impact using theRisk Evaluation domain.

In an issue-specific standard, the __________ section defines a security issue and any relevant terms, distinctions, and conditions.

True or False? While procedures and standards describe the “how” of configuring security devices to implement the policy, security policies provide the “what” and “why” of security measures.

The __________ domain of the ISACA Risk IT framework provides the business view and context for a risk evaluation. The __________ domain ensures that technology risks are identified and presented to leadership in business terms.

True or False? As an organization matures, so does its business model.

True or False? Of the people working in concert with security teams to ensure data quality and protection, the head of information management is responsible for executing policies and procedures, such as backup, versioning, uploading, and downloading.

Which of the following is not one of the similarities shared by an enterprise risk management (ERM) framework and a governance, risk management, and compliance (GRC) framework?

True or False? When you implement security policies, you sometimes implement culture change as much as security controls.