CMGT 430 Wk 3 – Management of Information Security, Ch. 9 Quiz
Complete the Ch. 9 quiz using the MindTap Access link.
The benefits of ISO certification to organizations achieving it include all of the following EXCEPT:
- Smoother operations
- Reduced costs
- Lower taxes from governments
- Improved public image
Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?
- Baselining
- Benchmarking
- Best practices
- Due diligence
Which of the following is not a consideration when selecting recommended best practices?
- Organization structure is similar
- Same networking architecture
- Resource expenditures are practical
- Threat environment is similar
Which of the following InfoSec measurement specifications makes it possible to define success in the security program?
- Prioritization and selection
- Development approach
- Establishing targets
- Measurements templates
Problems with benchmarking include all but which of the following?
- Recommended practices change and evolve, thus past performance is no indicator of future success.
- Organizations being benchmarked are seldom identical.
- Organizations don’t often share information on successful attacks.
- Benchmarking doesn’t help in determining the desired outcome of the security process.
What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?
- Due care and due diligence
- Baselining and benchmarking
- Best practices
- Certification and accreditation
Which of the following is not a factor critical to the success of an information security performance measurement program?
- Strong upper level management support
- Results oriented measurement analysis
- High level of employee buy-in
- Quantifiable performance measurements
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
- Information system faults
- Baselining
- Benchmarking
- Legal liability
Which of the following is not a question a CISO should be prepared to answer, about a performance measures program, according to Kovacich?
- What effect will measurement collection have on efficiency?
- Who will collect these measurements?
- Why should these measurements be collected?
- Where will these measurements be collected?
Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?
- Standards of due care/diligence
- Baselining
- Performance management
- Best practices