Cybersecurity CH2: Security Governance Quiz

Questions and Answers

What does the 'R' in RACI stand for?

Consulted

Informed

Responsible (correct)

Accountable

Who is typically considered 'Accountable' in the RACI model?

The team leader or project coordinator (correct)

The technical professional

The person being informed

The business unit manager

Which type of stakeholder is 'Consulted' in the RACI model?

The person who needs to be informed about the activity

The person accountable for the activity

The person responsible for the activity

The stakeholder who should be included in decision-making or work activity (correct)

Who is typically considered 'Informed' in the RACI model?

The person who needs to know about the decision-making or actions after they occur

What is the purpose of a RACI chart in the COBIT responsibility model?

To formalize the responsibilities of all employees regarding key activities performance

Which of the three categories of Security Governance Evaluation Metrics is mentioned in the text?

Executive management support

What does the text say about the role of executive management support in promoting a culture of secure practices?

Executive management security awareness and support promotes a culture of secure practices.

What is the primary purpose of the RACI chart in the COBIT responsibility model?

To formalize the responsibilities of all employees

Which of the following is NOT a responsibility defined in the RACI model?

Directed

What is the relationship between the RACI model and the COBIT responsibility model?

The RACI model is formalized through a RACI chart matrix attached to all 34 COBIT processes.