Blog

__________ is a security framework for any organization that accepts, stores, or processes credit cards.

True or False? The better an organization can inventory and map its controls to policies and regulation, the lower its costs to demonstrate compliance.

True or False? In a large organization, the vendor management team manages security concerns with vendors and third parties.

Regarding the risk management three-lines-of-defense model, which of the following dominates the second line of defense?

Assume that the governance committee states that all projects costing more than $70,000 must be reviewed and approved by the chief information officer (CIO) and the IT senior leadership team (SLT). At this point, the CIO has the responsibility to ensure that management processes observe governance rules. For example, the project team might present the proposed project in an SLT meeting for a vote of approval. What does this scenario illustrate about organizational structure?

True or False? A procedure is a high-level statement, belief, goal, or objective.

True or False? A good source for information on continuous improvement is an employee departing an organization.

Hajar is an IT auditor. She needs to perform a regulatory compliance audit of an IT infrastructure. Which of the following is the least useful resource for this situation?

True or False? Motivated employees are more likely to embrace the implementation of security policies, but this does not correlate to more risks being identified and mitigated for the organization.

The members of the __________ committee help create priorities, remove roadblocks, secure funding, and act as a source of authority. Members of the __________ committee provide important information on the risk appetite of the organization.