What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?


Multiple Choice

Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following? 


Multiple Choice

Performance measurements are seldom required in today's regulated InfoSec environment.


True False

Standardization is an attempt to improve information security practices by comparing an organization's efforts against those of a similar organization or an industry-developed standard to produce results it would like to duplicate.____________

True False

Recommended practices are those security efforts that seek to provide a superior level of performance in the protection of information.____________

True False

Which of the following is NOT a question to be used as a self-assessment for recommended security practices in the category of people? 

Multiple Choice

Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence? 

Multiple Choice

A comprehensive assessment of a system's technical and nontechnical protection strategies, as specified by a particular set of requirements, is known as accreditation.____________

True False

A standard of due process is a legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances.____________

True False

Data or the trends in data that may indicate the effectiveness of security countermeasures or controls (technical and managerial) implemented in the organization are known as program measurements.____________

True False

One question you should ask when choosing among recommended practices is "Can your organization afford to implement the recommended practice?" 

True False

The biggest barrier to baselining in InfoSec is the fact that many organizations do not share warnings with other organizations.____________

True False

One of the critical tasks in the measurement process is to assess and quantify what will be measured and how it is measured.____________

True False

Which of the following is NOT a consideration when selecting recommended best practices? 

Multiple Choice

A performance measure is an assessment of the performance of some action or process against which future performance is assessed.____________

True False

Problems with benchmarking include all but which of the following? 

Multiple Choice

Attaining certification in security management is a long and difficult process, but once attained, an organization remains certified for the life of the organization.

True False

A company striving for 'best security practices' makes every effort to establish security program elements that meet every minimum standard in their industry.

True False

Using a practice called baselining, you are able to develop policy based on the typical practices of the industry in which you are working.

True False

The authorization by an oversight authority of an IT system to process, store, or transmit information is known as certification.____________

True False

What is a performance measure in the context of InfoSec management?

Answer: Measurements are data points or computed trends that may indicate the effectiveness of security countermeasures or controls—technical and managerial—implemented in the organization.

Which of the following is the last phase in the process for performance measures implementation?

4. Action. The last step in the performance management process is Action.

Which of the following is used by organizations to compare their existing security performance against prior performance?

Benchmarking: an attempt to improve information security practices by comparing an organization's efforts against practices of a similar organization or an industry-developed standard to produce results it would like to duplicate.

Which of the following is the original purpose of ISO/IEC 17799?

Answer: Its purpose is to give recommendations for information security management for use by those who are responsible for initiating, implementing, or maintaining security in their organization.