Information Security Program Foundations

Questions and Answers

What forms the foundation for information security architecture and blueprint?

• Contingency planning
• Coordinated planning
• Policies, standards, and practices (correct)
• Strategic planning

What does strategic planning focus on in the context of management?

• Defining board responsibilities
• Preparation for uncertain business environment
• Allocation of resources (correct)
• Setting up policies

What is the goal of information security governance as described in the text?

• Validation of risk management practices
• Measurement of progress toward objectives (correct)
• Establishment of policies
• Preparation for uncertain business environment

Which level of planning helps translate an organization’s strategic plans into tactical objectives?

Coordinated planning (B)

What does information security governance focus on verifying or validating?

Proper use of assets (C)

What is the role of policies in information security planning according to the text?

Policies dictate acceptable and unacceptable behavior within an organization. (B)

Which of the following is NOT one of the five outcomes of information security governance mentioned in the text?

Technological innovation (A)

What is the primary function of standards in relation to policies according to the text?

Standards detail how to comply with policy. (B)

In information security governance, what is the purpose of performance measurement according to the text?

To evaluate how well security controls are functioning. (C)

Why should security policies be disseminated, read, understood, and agreed to by all members of an organization according to the text?

To ensure uniform enforcement and compliance with policies. (C)