Blog

True or False? A well-defined governance and compliance framework provides a structured approach to governance and compliance.

Which of the following statements best describes the function of guidelines in an IT security framework?

True or False? A person with vendor status directly reports to the vendor company, and that company often manages their access.

True or False? Regarding security policies, the term “granularity” indicates how specific the policy is regarding resources or rules. The less granular the policy, the easier it is to enforce and to detect violations.

True or False? ISO/IEC 27002 covers the three aspects of the information security management program: managerial, operational, and technical activities.

True or False? When creating a company’s security policy, it is not necessary that the scope align with the company’s annual information security budget.

True or False? Risk appetite is often expressed by the impact on the organization and the likelihood of something bad happening.

True or False? When situations arise in which an organization cannot meet one or more standards immediately, it is important to recognize an exception to standards to determine where problems may exist.

If a security policy clearly distinguishes the responsibilities of computer services providers from those of the managers of applications who use the computer services, which of the following goals is served?

Carl is a security professional. He needs to ensure the confidentiality of his company’s emails. Which of the following would be least helpful in ensuring confidentiality?