QUESTION 81 (True/False, 1 point)
The chief executive officer (CEO) usually approves and signs the information security program charter because the charter establishes the responsibility for information security within the organization. However, it is not important that senior leadership expresses support for the information security program. However, it is most important that the chief information security officer (CISO) approves and issues the framework for IT security policies.

QUESTION 82 (True/False, 1 point)
In 2002, the U.S. Senate passed the Sarbanes-Oxley (SOX) Act, which was passed in the wake of the collapse of Enron, Arthur Andersen, WorldCom, and several other large firms. SOX requires publicly traded companies to maintain internal controls. The controls ensure the integrity of financial statements to the Securities and Exchange Commission (SEC) and shareholders. As a result of this mandate, these internal controls are now highly scrutinized.

QUESTION 83 (True/False, 1 point)
One of the components of a useful structure for issue-specific standards is the points of contact section, which lists the areas of the organization responsible for the implementation of policies. Those in these areas are the subject matter experts, or SMEs, who interpret the policy and ensure that there are controls to enforce the policy. This section may also identify other applicable standards or guidelines.

QUESTION 84 (True/False, 1 point)
ISO/IEC 27002 covers the three aspects of the information security management program: managerial, operational, and technical activities. All three must be present in any IT security program for comprehensive coverage.

QUESTION 85 (Multiple choice, 1 point)
In a(n) ____________________, there are policies, standards, baselines, procedures, guidelines, and taxonomy.
- asset management policy
- IT policy framework
- control standard
- risk assessment policy

3/3/2019 Take Test: Mid-Term Exam – 2019_SPR_MAIN_Operations ... 11/15

QUESTION 86 (Multiple choice, 1 point)
Which of the following policy frameworks is a widely accepted set of documents that is commonly used as the basis for an information security program, and is an initiative from ISACA, formerly known as the Information Systems Audit and Control Association?
- ISO/IEC 27000 series
- Control Objectives for Information and related Technology (COBIT)
- (SP) 800-53, “Recommended Security Controls for Federal Information Systems and Organizations”
- Sarbanes-Oxley (SOX) Act Approved Framework

QUESTION 87 (True/False, 1 point)
One example of granularity is a policy that requires an e-mail server to have a specific configuration in order to be considered secure and a server-based monitoring tool that can report the configuration and compliance to the appropriate personnel. In this scenario, the policy is appropriately fine-grained and automates enforcement.