Are You an Information Security Governance Expert?

Questions and Answers

Which of the following is a key component of an effective information security governance framework?

An extensive list of potential security threats

A detailed list of all employees and their roles

A comprehensive security strategy linked with business objectives (correct)

A set of regulations that must be followed without exception

What is the purpose of an effective information security governance framework?

To create a complex set of rules and regulations for employees to follow

To limit the impacts of adverse events by providing predictability for operations

To reduce the cost of information security programs

To provide assurance that information assets are protected according to their value or the risk their compromise poses to the organization (correct)

What is the role of metrics and monitoring processes in an information security governance framework?

To create additional regulations for employees to follow

To reduce the need for an effective security organizational structure

To ensure compliance and provide feedback (correct)

To limit the impacts of adverse events by providing predictability for operations