100%(2)2 out of 2 people found this document helpful
This preview shows page 1 - 5 out of 20 pages.
Question 12 out of 2 pointsThe key to security policy is being able to measure compliance against a set of controls. Security controls define ___________ you protect the information. The security policies should define ___________ you set the goal.Question 22 out of 2 pointsIn an attribute based access control (ABAC) model, roles assigned are static, whereas in a role based access control (RBAC), roles are built more dynamically.Question 32 out of 2 pointsCOSO is an international governance and controls framework and a widely accepted standard forassessing, governing, and managing IT security and risks.
Question 42 out of 2 pointsBecause it takes time to change an organization’s culture, the ISO must continually monitor security policy compliance. The ISO reports to leadership on the current effectiveness of the security policies and will also have to ask the business to accept any residual risk or come up with a way to reduce it.Question 52 out of 2 pointsWhich of the following statement states the difference between business liability and a business’s legal obligation? Question 62 out of 2 pointsIn the financial services sector, some organizations have implemented a three-lines-of defense
model. What does the use of this model suggest about an organization’s structure?Question 70 out of 2 pointsA flat network limits what and how computers are able to talk to each other. Many standards require flat networks such as the Payment Card Industry Data Security Standard (PCI DSS). This standard requires a flat network to further protect credit cardholder information.Question 82 out of 2 pointsWhich of the following is not one of the four domains that collectively represents a conceptual information systems security management life cycle?Question 92 out of 2 pointsAlthough an organization’s list of stakeholders will vary depending on the policy being implemented, there are stakeholders who can be seen commonly across organizations. What is