98%(86)84 out of 86 people found this document helpful
This preview shows page 9 - 13 out of 21 pages.
QUESTION 201.Implementing security policies is easier if you manage it from a changemodel perspective. The first step of this model is to create urgency. Who is responsible for conveying urgency to business leaders?chief information security officerA.B.chief information officerC.chief finance officerD.chief technology officerQUESTION 211._________________describes how to design and implement an information security governance structure, whereas __________________ describes security aspects for employees joining, moving within, or leaving an organization.QUESTION 221.When implementing a framework, the two main considerations for implementation are _____________ and _____________.
QUESTION 231.Policies and standards are a collection of concrete definitions that describe acceptable and unacceptable human behavior. The questions related to_______________ are more appropriate for procedures or guidelines than policies or standards, which require detail that is more at the level of________________.QUESTION 241.Security controls are measures taken to protect systems from attacks on the integrity, confidentiality, and availability of the system. If a potential employee is required to undergo a drug screening, which of the following controls is being conducted?A.preventive security controlsB.technical security controls
C.physical security controlsD.administrative controlsQUESTION 251.Policy and standards often change as a result of business drivers. One such driver, known as ___________________, occurs when business shifts and new systems or processes are incorporated; these business shifts and new systems and processes may differ from what a standard or policy requires.QUESTION 261.A(n) __________________ is a term used to indicate any unwanted event that takes places outside the normal daily security operations. This type of event relates to a breakdown in controls as identified by the security policies.