Cybersecurity CH2: Security Governance Quiz

Questions and Answers

What does the 'R' in RACI stand for?

• Consulted
• Informed
• Responsible (correct)
• Accountable

Who is typically considered 'Accountable' in the RACI model?

• The team leader or project coordinator (correct)
• The technical professional
• The person being informed
• The business unit manager

Which type of stakeholder is 'Consulted' in the RACI model?

• The person who needs to be informed about the activity
• The person accountable for the activity
• The person responsible for the activity
• The stakeholder who should be included in decision-making or work activity (correct)

Who is typically considered 'Informed' in the RACI model?

The person who needs to know about the decision-making or actions after they occur (C)

What is the purpose of a RACI chart in the COBIT responsibility model?

To formalize the responsibilities of all employees regarding key activities performance (B)

Which of the three categories of Security Governance Evaluation Metrics is mentioned in the text?

Executive management support (D)

What does the text say about the role of executive management support in promoting a culture of secure practices?

Executive management security awareness and support promotes a culture of secure practices. (C)

What is the primary purpose of the RACI chart in the COBIT responsibility model?

To formalize the responsibilities of all employees (B)

Which of the following is NOT a responsibility defined in the RACI model?

Directed (C)

What is the relationship between the RACI model and the COBIT responsibility model?

The RACI model is formalized through a RACI chart matrix attached to all 34 COBIT processes. (D)

Flashcards are hidden until you start studying