Blog

The __________ domain of the ISACA Risk IT framework provides the business view and context for a risk evaluation. The __________ domain ensures that technology risks are identified and presented to leadership in business terms.

True or False? As an organization matures, so does its business model.

True or False? Of the people working in concert with security teams to ensure data quality and protection, the head of information management is responsible for executing policies and procedures, such as backup, versioning, uploading, and downloading.

Which of the following is not one of the similarities shared by an enterprise risk management (ERM) framework and a governance, risk management, and compliance (GRC) framework?

True or False? When you implement security policies, you sometimes implement culture change as much as security controls.

__________ is a security framework for any organization that accepts, stores, or processes credit cards.

True or False? The better an organization can inventory and map its controls to policies and regulation, the lower its costs to demonstrate compliance.

True or False? In a large organization, the vendor management team manages security concerns with vendors and third parties.

Regarding the risk management three-lines-of-defense model, which of the following dominates the second line of defense?

Assume that the governance committee states that all projects costing more than $70,000 must be reviewed and approved by the chief information officer (CIO) and the IT senior leadership team (SLT). At this point, the CIO has the responsibility to ensure that management processes observe governance rules. For example, the project team might present the proposed project in an SLT meeting for a vote of approval. What does this scenario illustrate about organizational structure?