Which of the following is the MOST important factor when designing information security architecture?
Explanation: The most important factor for information security is that it advances the interests of the business, as defined by stakeholder requirements.
Which of the following would be the MOST important goal of an information security governance program?
The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance.
When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
Explanation: New information security managers should seek to build rapport and establish lines of communication with senior management to enlist their support.
Which of the following is MOST important to consider when developing a business case to support the investment in an information security program?
Explanation: The information security manager must understand the business risk profile of the organization.
What is the most important role of an organization’s data custodian in support of the information security function?
The data custodian is responsible for the maintenance and protection of data. This role is usually filled by the IT department.
Which of the following actions should the information security manager take FIRST on finding that current controls are not sufficient to prevent a serious compromise?
Reassess the risk.
Which of the following should be done first when implementing an information security strategy?
While implementing information security governance, an organization should FIRST:
- establish security policies.
- adopt security standards.
- determine security baselines.
- define the security strategy.
Which of the following is the information security manager’s primary role in the information assets classification process?
Explanation: Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization.
What is the role of a data custodian?
Data Custodians are central or distributed university units or computer system administrators responsible for the operation and management of systems and servers which collect, manage and provide access to institutional data. Data Custodians must be authorized by the appropriate Data Steward.
What is the most important security objective in creating good procedures to meet the requirements of a relevant policy?
An important objective of a security strategy is to implement cost-effective controls that ensure that residual risk remains within the organization’s risk tolerance levels.
What is the role of a data steward or data custodian in an organization?
The data custodian is generally the person (or agency) who is responsible for the data and managing the data’s lifecycle. The custodian is generally NOT the owner of the data, although in the government context the custodian may be a person within the agency that does own the data.