(Answer options continued from the preceding question:)
a replicated operating model
service integration
service standardization
a diversified operating model

QUESTION 106 (1 point)
COSO is an international governance and controls framework and a widely accepted standard for assessing, governing, and managing IT security and risks.
True
False

QUESTION 107 (1 point)
While these two approaches have similarities in terms of the topics they address, ________ will cover broad IT management topics and specify which security controls and management need to be installed; however, ________ does not address how to implement specific controls.
ISO, COBIT
COSO, ITIL
COBIT, ISO
ITIL, COSO

QUESTION 108 (1 point)
If a CISO seeks to raise employees' awareness of the dangers of malware in the organization, which of the following approaches is recommended?
The CISO should distribute a written explanation of the dangers of malware to each employee.
The CISO should arrange for an IT expert on malware to give a presentation to employees.
The CISO should explain the technical way in which malware can infect a machine.
The CISO should talk about how malware could prevent the service desk from helping a customer.

QUESTION 109 (1 point)
In general, when individuals work effectively in isolation they are less likely to need or benefit from organizational support. Thus, risk management is accomplished because organizational efficiency is achieved.
True
False

QUESTION 110 (1 point)
The security operations team has the responsibility of monitoring intrusions and breaches in the form of firewalls and network traffic. When the team finds a breach, they notify independent auditors who aid in the recovery of the business and will provide an assessment of how the breach occurred.
True
False

QUESTION 111 (1 point)
There are many IT security policy frameworks that can often be combined to draw upon each of their strengths. Which of the following is not one of the frameworks?
COSO for financial controls and enterprise risk management structure
COBIT for IT controls, governance, and risk management
ITIL for IT services management
GRC for IT operations, governance, risk management, and compliance

QUESTION 112 (1 point)
The members of the _________________ committee help create priorities, remove obstacles, secure funding, and serve as a source of authority. Members of the _______________ committee, however, are leaders across the organization.
executive, security
security, executive
audit, security
executive, operational risk

QUESTION 113 (1 point)
In the three-lines-of-defense model of risk management, the second line of defense is the business unit (BU), which is responsible for controlling risk on a daily basis. The BU locates risk, assesses the impact, and mitigates the risk whenever possible.
True
False

QUESTION 114 (1 point)
An illustration of ________________ would be an organization installing malware software on the network and endpoint, monitoring for suspicious traffic, and responding as needed.