Effective Security Governance Approach Quiz

Questions and Answers

What is the primary purpose of a security governance framework?

  • To enable the organization's governing body to set clear direction and demonstrate commitment to information security and risk management
  • To ensure alignment with overall organization policies and goals
  • To enhance business value and adequately manage risk
  • All of the above (correct)

What is the responsibility of the governing body regarding the organization's information security strategy?

  • To formally approve the information security strategy, policy, and architecture
  • To evaluate the operation of the information security strategy to ensure alignment with business needs
  • To regularly review the organization's risk appetite
  • All of the above (correct)

Who is ultimately responsible for what the organization does in a publicly held company?

  • The risk management committee
  • The information security team
  • The board of directors (correct)
  • Executive managers

Which of the following is NOT a key objective of the security governance framework?

  • Improving employee productivity (correct)

What is the primary responsibility of the governing body in terms of security direction?

  • To ensure there is effective security direction (correct)

Which of the following is NOT a key component of the security governance framework?

  • Continuous monitoring of security metrics and performance (correct)

What is recommended for providing effective security direction?

  • A single individual (CISO or equivalent executive) responsible for information security (correct)

What is the primary role of the CISO according to COBIT 5?

  • Establishing, maintaining, monitoring, and reviewing the Information Security Management System (ISMS) (correct)

Which of the following roles/structures is NOT mentioned in COBIT 5?

  • Data Protection Officer (DPO) (correct)

What is the purpose of the Information Security Steering (ISS) committee according to COBIT 5?

  • The text does not provide information about the purpose of the ISS committee (correct)

What is necessary for ensuring that a security mindset permeates the organization?

  • Coordination and collaboration with executives, managers, and operations personnel (correct)
