What is the purpose of information security governance?

To give management visibility into and control of information security matters

To control all security-related activities in the organization

To permit the organization to control all information security–related activities

To permit the CISO to control the business and its priorities

Who should be accountable for the success of an organization’s information security program?

Board of directors or equivalent governing body

Who should approve access requests to a particular application that stores and processes customer information?

Business owner or their delegate

CISM Chapter 1

Professional Development

•

10 Qs

Similar activities

TalentNext Test Day-13-Core Java Topics

Professional Development

•

10 Qs

Operate Scissor Lift

Professional Development

•

10 Qs

IBEX A-ISB

Professional Development

•

10 Qs

MS402 - Platoon Leadership

Professional Development

•

11 Qs

Social Media & Education

Professional Development

•

10 Qs

PKN dan IPS PPPK

Professional Development

•

10 Qs

Creativity in Classroom Teaching

Professional Development

•

13 Qs

TCW 1

Professional Development

•

15 Qs

CISM Chapter 1

Quiz

•

Professional Development

•

Professional Development

•

Practice Problem

•

Hard

Anna Löfgren

Used 9+ times

FREE Resource

10 questions

Show all answers

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The entity that is ultimately responsible for security governance is:

Chief information officer

Chief information security officer

Board of directors

Chief risk officer

Answer explanation

Correct answer:
"Board of directors"
The organization’s board of directors is ultimately responsible for security
governance.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

An acceptable use policy is likely to contain all of the following except:

Rules regarding the use of personally owned assets

Permitted uses of corporate assets

Data retention requirements

Protection of sensitive information

Answer explanation

Correct answer:
"Data retention requirements"
An acceptable use policy (AUP) is likely to contain statements about the use
of corporate assets, personally owned assets, and information protection. Data
retention requirements are not likely to be included.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

The best definition of governance is:

Corporate policies and procedures

Management control of business functions

Regular reporting of metrics and key performance indicators (KPIs)

Formal roles and responsibilities documented in a RACI chart

Answer explanation

Correct answer:
"Management control of business functions"
Governance is best defined as management’s control over business functions
throughout an organization.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

Under what circumstances would an organization elect to disregard a regulation and pay fines instead of complying?

The cost of the fines is less than the cost of compliance.

The cost of compliance is less than the cost of fines.

Management elected to transfer the risk.

Management elected to avoid the risk.

Answer explanation

Correct answer:
"The cost of the fines is less than the cost of compliance."

While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A database administrator (DBA) is typically responsible for all of the following except which one?

Database performance tuning

Database troubleshooting

Database capacity management

Database design

Answer explanation

Correct answer:
"Database design"

The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

What is the most appropriate person or group to determine applicability of a cybersecurity-related regulation?

Chief information security officer (CISO)

Chief legal counsel

Chief information risk officer (CIRO)

Security governance committee

Answer explanation

Correct answer:
"Chief legal counsel"
Only legal counsel should be determining applicability of potentially relevant laws and regulations.
None of the other is an appropriate party to interpret regulations.

MULTIPLE CHOICE QUESTION

30 sec • 1 pt

A business executive has delegated responsibility for granting access requests to the IT department. The IT department in this role is functioning as the:

Accountable

Owner

Custodian

User

Answer explanation

Correct answer is:
"Custodian"
IT is acting as a custodian in the access request process for the business application.
The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

10 questions

REFRESH PERSONAL LOCK HOLDER

Quiz

•

Professional Development

10 questions

AWS Amazon VPC

Quiz

•

Professional Development

10 questions

Activism : Be Seen Be Heard

Quiz

•

Professional Development

15 questions

ENGLISH GRAMMAR

Quiz

•

5th Grade - Professio...

15 questions

5S Concepts Quiz

Quiz

•

Professional Development

15 questions

Accepting Change Quiz

Quiz

•

Professional Development

15 questions

Breakthrough Performance

Quiz

•

Professional Development

10 questions

Incoterm 2020

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

15 questions

Equivalent Fractions

Quiz

•

4th Grade

20 questions

Figurative Language Review

Quiz

•

6th Grade

Discover more resources for Professional Development

10 questions

How to Email your Teacher

Quiz

•

Professional Development

CISM Chapter 1

10 questions

The entity that is ultimately responsible for security governance is:

Correct answer:
"Board of directors"
The organization’s board of directors is ultimately responsible for security
governance.

An acceptable use policy is likely to contain all of the following except:

Correct answer:
"Data retention requirements"
An acceptable use policy (AUP) is likely to contain statements about the use
of corporate assets, personally owned assets, and information protection. Data
retention requirements are not likely to be included.

The best definition of governance is:

Correct answer:
"Management control of business functions"
Governance is best defined as management’s control over business functions
throughout an organization.

Under what circumstances would an organization elect to disregard a regulation and pay fines instead of complying?

Correct answer:
"The cost of the fines is less than the cost of compliance."

While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

A database administrator (DBA) is typically responsible for all of the following except which one?

Correct answer:
"Database design"

The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

What is the most appropriate person or group to determine applicability of a cybersecurity-related regulation?

Correct answer:
"Chief legal counsel"
Only legal counsel should be determining applicability of potentially relevant laws and regulations.
None of the other is an appropriate party to interpret regulations.

A business executive has delegated responsibility for granting access requests to the IT department. The IT department in this role is functioning as the:

Correct answer is:
"Custodian"
IT is acting as a custodian in the access request process for the business application.
The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

What is the purpose of information security governance?

Correct answer:
"To give management visibility into and control of information security matters"
The purpose of security governance is to give management (specifically, executive management) visibility into and control of all things related to information security.

Who should be accountable for the success of an organization’s information security program?

Correct answer:
"Board of directors or equivalent governing body"
The board of directors or equivalent governing body must bear ultimate responsibility for the success of an organization’s information security program.

Who should approve access requests to a particular application that stores and processes customer information?

Correct answer:
"Business owner or their delegate"
The best party to approve access requests to an application is the business owner of the application, who may be an executive or department head. Sometimes, however, this responsibility may be delegated to others.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

CISM Chapter 1

10 questions

The entity that is ultimately responsible for security governance is:

Correct answer:"Board of directors"The organization’s board of directors is ultimately responsible for securitygovernance.

An acceptable use policy is likely to contain all of the following except:

Correct answer:"Data retention requirements"An acceptable use policy (AUP) is likely to contain statements about the useof corporate assets, personally owned assets, and information protection. Dataretention requirements are not likely to be included.

The best definition of governance is:

Correct answer:"Management control of business functions"Governance is best defined as management’s control over business functionsthroughout an organization.

Under what circumstances would an organization elect to disregard a regulation and pay fines instead of complying?

Correct answer:"The cost of the fines is less than the cost of compliance."While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

A database administrator (DBA) is typically responsible for all of the following except which one?

Correct answer:"Database design"The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

What is the most appropriate person or group to determine applicability of a cybersecurity-related regulation?

Correct answer:"Chief legal counsel"Only legal counsel should be determining applicability of potentially relevant laws and regulations.None of the other is an appropriate party to interpret regulations.

A business executive has delegated responsibility for granting access requests to the IT department. The IT department in this role is functioning as the:

Correct answer is:"Custodian"IT is acting as a custodian in the access request process for the business application.The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

What is the purpose of information security governance?

Correct answer:"To give management visibility into and control of information security matters"The purpose of security governance is to give management (specifically, executive management) visibility into and control of all things related to information security.

Who should be accountable for the success of an organization’s information security program?

Correct answer:"Board of directors or equivalent governing body"The board of directors or equivalent governing body must bear ultimate responsibility for the success of an organization’s information security program.

Who should approve access requests to a particular application that stores and processes customer information?

Correct answer:"Business owner or their delegate"The best party to approve access requests to an application is the business owner of the application, who may be an executive or department head. Sometimes, however, this responsibility may be delegated to others.

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Professional Development

Correct answer:
"Board of directors"
The organization’s board of directors is ultimately responsible for security
governance.

Correct answer:
"Data retention requirements"
An acceptable use policy (AUP) is likely to contain statements about the use
of corporate assets, personally owned assets, and information protection. Data
retention requirements are not likely to be included.

Correct answer:
"Management control of business functions"
Governance is best defined as management’s control over business functions
throughout an organization.

Correct answer:
"The cost of the fines is less than the cost of compliance."

While choosing to pay fines in lieu of compliance is uncommon, it is the best answer among the choices listed.

Correct answer:
"Database design"

The role of database design is generally shared between the DBA and software developers/architects or is owned entirely by software developers or architects.

Correct answer:
"Chief legal counsel"
Only legal counsel should be determining applicability of potentially relevant laws and regulations.
None of the other is an appropriate party to interpret regulations.

Correct answer is:
"Custodian"
IT is acting as a custodian in the access request process for the business application.
The business executive remains accountable for the operation. The business executive continues in the role of the system owner. IT is not the user.

Correct answer:
"To give management visibility into and control of information security matters"
The purpose of security governance is to give management (specifically, executive management) visibility into and control of all things related to information security.

Correct answer:
"Board of directors or equivalent governing body"
The board of directors or equivalent governing body must bear ultimate responsibility for the success of an organization’s information security program.

Correct answer:
"Business owner or their delegate"
The best party to approve access requests to an application is the business owner of the application, who may be an executive or department head. Sometimes, however, this responsibility may be delegated to others.