59%(73)43 out of 73 people found this document helpful
This preview shows page 9 - 10 out of 16 pages.
TrueFalseQUESTION 63Because it takes time to change an organization’s culture, the ISO must continually monitor securitypolicy compliance. The ISO reports to leadership on the current effectiveness of the security policiesand will also have to ask the business to accept any residual risk or come up with a way to reduce it.2.00000 points Save AnswerQUESTION 64Successful security policy implementation in the workplace depends on people understanding keyconcepts and embracing the material. Thus, people need to be motivated to succeed if they are goingto implement such policies. There are three basic elements of motivation: pride, self-interest, andsuccess. Which of the following does not occur when these elements are combined?2.00000 points Save AnswerSave AnswerQUESTION 65It is important for an organization to determine how it wants to manage ____________________, whichmeans how to group various tasks, and____________________, which relates to the number of layersand number of direct reports found in an organization.2.00000 points Save AnswerSave AnswerQUESTION 66Continuous improvement relies on people telling you what is and isn’t working, and a good source forthis information is an employee departing a company.2.00000 points Save AnswerSave AnswerQUESTION 67It is important that an effective roll out of information security policies prioritizes good communications.Which of the following is not among the points to be included in a good communication approach?Be clear—avoid technical jargon when possible.use many channels—reinforce the message as many times as possible.Say “thank you”—acknowledge the efforts both to create and to implement the security policies.Be withholding—it is important to keep the main impact of the policy confidential.2.00000 points Save AnswerQUESTION 68Implementing security policies is easier if you manage it from a change model perspective. The firststep of this model is to create urgency. Who is responsible for conveying urgency to business leaders?