What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?
Multiple Choice
Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?
Multiple Choice
Performance measurements are seldom required in today's regulated InfoSec environment.
True False
Standardization is an attempt to improve information security practices by comparing an organization's efforts against those of a similar organization or an industry-developed standard to produce results it would like to duplicate.
True False
Recommended practices are those security efforts that seek to provide a superior level of performance in the protection of information.
True False
Which of the following is NOT a question to be used as a self-assessment for recommended security practices in the category of people?
Multiple Choice
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
Multiple Choice
A comprehensive assessment of a system's technical and nontechnical protection strategies, as specified by a particular set of requirements, is known as accreditation.
True False
A standard of due process is a legal standard that requires an organization and its employees to act as a "reasonable and prudent" individual or organization would under similar circumstances.
True False
Data or the trends in data that may indicate the effectiveness of security countermeasures or controls (technical and managerial) implemented in the organization are known as program measurements.
True False
One question you should ask when choosing among recommended practices is "Can your organization afford to implement the recommended practice?"
True False
The biggest barrier to baselining in InfoSec is the fact that many organizations do not share warnings with other organizations.
True False
One of the critical tasks in the measurement process is to assess and quantify what will be measured and how it is measured.
True False
Which of the following is NOT a consideration when selecting recommended best practices?
Multiple Choice
A performance measure is an assessment of the performance of some action or process against which future performance is assessed.
True False
Problems with benchmarking include all but which of the following?
Multiple Choice
Attaining certification in security management is a long and difficult process, but once attained, an organization remains certified for the life of the organization.
True False
A company striving for 'best security practices' makes every effort to establish security program elements that meet every minimum standard in their industry.
True False
Using a practice called baselining, you are able to develop policy based on the typical practices of the industry in which you are working.
True False
The authorization by an oversight authority of an IT system to process, store, or transmit information is known as certification.
True False