CMGT 430 Wk 3 – Management of Information Security, Ch. 9 Quiz

$6.00

Complete the Ch. 9 quiz using the MindTap Access link.

The benefits of ISO certification to organizations achieving it include all of the following EXCEPT:

  • Smoother operations
  • Reduced costs
  • Lower taxes from governments
  • Improved public image


Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?

  • Baselining
  • Benchmarking
  • Best practices
  • Due diligence


Which of the following is not a consideration when selecting recommended best practices?

  • Organization structure is similar
  • Same networking architecture
  • Resource expenditures are practical
  • Threat environment is similar


Which of the following InfoSec measurement specifications makes it possible to define success in the security program?

  • Prioritization and selection
  • Development approach
  • Establishing targets
  • Measurements templates


Problems with benchmarking include all but which of the following?

  • Recommended practices change and evolve, thus past performance is no indicator of future success.
  • Organizations being benchmarked are seldom identical.
  • Organizations don’t often share information on successful attacks.
  • Benchmarking doesn’t help in determining the desired outcome of the security process.


What are the legal requirements that an organization adopt a standard based on what a prudent organization would do, and then maintain that standard?

  • Due care and due diligence
  • Baselining and benchmarking
  • Best practices
  • Certification and accreditation


Which of the following is not a factor critical to the success of an information security performance measurement program?

  • Strong upper-level management support
  • Results-oriented measurement analysis
  • High level of employee buy-in
  • Quantifiable performance measurements


Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?

  • Information system faults
  • Baselining
  • Benchmarking
  • Legal liability


Which of the following is not a question a CISO should be prepared to answer about a performance measures program, according to Kovacich?

  • What effect will measurement collection have on efficiency?
  • Who will collect these measurements?
  • Why should these measurements be collected?
  • Where will these measurements be collected?


Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?

  • Standards of due care/diligence
  • Baselining
  • Performance management
  • Best practices