B- Business Alignment Flashcards

1
Q

Information security program and the rest of the organization

A

An organization’s information security program NEEDS TO FIT INTO the rest of the organization

2
Q

goals and objectives

A

Specify the activities that are to take place in support of the organization’s overall strategy.

3
Q

risk appetite

A

The level of risk that an organization is willing to accept while in pursuit of its mission, strategy, and objectives, and before action is needed to treat the risk.

4
Q

risk capacity

A

The objective amount of loss that an organization can tolerate without its continued existence being called into question.

5
Q

Does an organization have a single risk tolerance across the entire business?

A

No, because different business functions and different aspects of security will have varying levels of risks.

6
Q

Role

A

A description of expected activities that employees are obliged to perform as part of their employment.

7
Q

What are roles typically associated with?

A

Job title or position title

8
Q

Position title which includes rank

A

It denotes an individual person’s seniority, placement within a command-and-control hierarchy, span of control, or any combination of these.

9
Q

Responsibility

A

A statement of activities that a person is expected to perform.

10
Q

Where are roles and responsibilities documented?

A

In position descriptions and job descriptions.

11
Q

RACI Chart

A

It assigns levels of responsibility to individuals and groups.

Responsible, Accountable, Consulted, Informed

12
Q

Responsible in RACI

A

The person or group that performs the actual work or task.

13
Q

Accountable in RACI

A

The person who is ultimately answerable for complete, accurate, and timely execution of the work. Often this is a person who manages those in the Responsible role.

14
Q

Consulted in RACI

A

One or more people or groups who are consulted for their opinions, experience, or insight. People in the Consulted role are often subject-matter experts.

Communication with the Consulted role is two-way.

15
Q

Informed in RACI

A

One or more people or groups who are informed by those in other roles. Depending on the process or task, Informed may be told of an activity before, during, or after its completion.

Communication with Informed is one-way.

16
Q

When is information security governance most effective?

A

When every person in the organization knows what is expected.