COBIT 5 Security Directions Quiz

Questions and Answers

PDF Questions PDF Answers

What is the primary responsibility of the information custodians/business owner?

Providing legal input

Advising the committee on compliance risk

Advising on risk from strategic, financial, operational, reputational, and compliance perspectives

Communicating business initiatives that may impact information security (correct)

Which role is responsible for ensuring the successful completion of a project?

Responsible

Consulted

Accountable (correct)

Informed

Which role is expected to deliver or submit the assigned work portion within given deadlines?

Consulted

Informed

Responsible (correct)

Accountable

What is the primary responsibility of the CRO (Chief Risk Officer)?

Advising on risk from strategic, financial, operational, reputational, and compliance perspectives

Which role is expected to be consulted prior to a decision or action?

Consulted

Which role is expected to be informed of decision making or actions after they occur?

Informed

What is the primary role of the CISO?

To oversee the Information Security Manager (ISM) and provide high-level oversight of information security

What is the primary focus of the Information Security Steering (ISS) committee?

Ensuring that security policies and practices are effectively implemented and monitored

Which of the following is NOT a suggested member of the ISS committee?

Chief Financial Officer (CFO)

What is the primary responsibility of the information custodians/business owners in the ISS committee?

Communicating business initiatives that may impact information security and information security practices that may impact the user community

Which of the following is a suggested member of the Enterprise Risk Management (ERM) committee?

Chief Executive Officer (CEO)

What is the primary role of the CISO in the ERM committee?

To provide the committee with advice on specific information risks