10 Questions
What is the main purpose of a security policy?
To establish minimum standards and best practices for security
What type of action does an 'Advisory' security policy indicate?
Actions that are optional but recommended
In the context of a security policy, what does the term 'Baseline' refer to?
The minimum security required for a system or process
What distinguishes 'Regulatory' security policies from 'Advisory' and 'Informative' policies?
They address industry regulations regarding organizations' conduct
What should a password policy mainly establish in an organization?
Minimum standards and best practices for password security
What is the main difference between the 'defend' and 'mitigate' risk control strategies?
Defend involves applying policies, while mitigate involves contingency planning.
What is the primary purpose of an Information Security Policy?
To convey instructions to employees
What is the difference between a 'policy' and a 'standard' in terms of security documents?
A policy conveys management intentions, while a standard is about compliance.
In the context of information security, what does 'governance' refer to?
Establishing and maintaining a framework to align security strategies with business objectives
Why are security policies considered organizational laws?
Because employees must abide by them
Test your knowledge on risk management strategies like defend, mitigate, transfer, accept, and terminate, as well as information security components including information security policy, security architecture, and contingency planning.