COBIT 5 Security Directions Quiz

Questions and Answers

What is the primary responsibility of the information custodians/business owner?

• Providing legal input
• Advising the committee on compliance risk
• Advising on risk from strategic, financial, operational, reputational, and compliance perspectives
• Communicating business initiatives that may impact information security (correct)

Which role is responsible for ensuring the successful completion of a project?

• Responsible
• Consulted
• Accountable (correct)
• Informed

Which role is expected to deliver or submit the assigned work portion within given deadlines?

• Consulted
• Informed
• Responsible (correct)
• Accountable

What is the primary responsibility of the CRO (Chief Risk Officer)?

Advising on risk from strategic, financial, operational, reputational, and compliance perspectives (B)

Which role is expected to be consulted prior to a decision or action?

Consulted (B)

Which role is expected to be informed of decision making or actions after they occur?

Informed (A)

What is the primary role of the CISO?

To oversee the Information Security Manager (ISM) and provide high-level oversight of information security (A)

What is the primary focus of the Information Security Steering (ISS) committee?

Ensuring that security policies and practices are effectively implemented and monitored (A)

Which of the following is NOT a suggested member of the ISS committee?

Chief Financial Officer (CFO) (D)

What is the primary responsibility of the information custodians/business owners in the ISS committee?

Communicating business initiatives that may impact information security and information security practices that may impact the user community (B)

Which of the following is a suggested member of the Enterprise Risk Management (ERM) committee?

Chief Executive Officer (CEO) (D)

What is the primary role of the CISO in the ERM committee?

To provide the committee with advice on specific information risks (A)