Chapter 1 Review Flashcards

1
Q

Chapter 1 - Review

Information security governance is the top-down management and control of these 2 concerns in an organization.

A

SECURITY and RISK MANAGEMENT

2
Q

Governance is usually undertaken through this group of people that consists of individuals from this level throughout the organization.

A

SECURITY STEERING COMMITTEE
EXECUTIVES

3
Q

The steering committee is responsible for the overall setting of these 2 things, ensuring that security strategy aligns with the organization’s IT and business strategy and objectives.

A

STRATEGIC DIRECTION and POLICY

4
Q

The directives of the steering committee are carried out through these 2 activities that steer the security organization toward strategic objectives.

A

PROJECTS and TASKS

5
Q

The steering committee can monitor progress through these 2 methods.

A

METRICS and a BALANCED SCORECARD

6
Q

For an information security program to be successful, it must align with the business and its overall (i)____ , (ii) ____ and ____ , and (iii) ____

A

MISSION
GOALS and OBJECTIVES
STRATEGY

7
Q

The security program must consider the organization’s notion of these 5 things;

  1. ____ ; representative worth of something of importance to the organisation
  2. ____ ; attitudes of the business
  3. ____ ; Senior management’s taste for danger
  4. ____ ; Required by law
  5. ____ ; The environment within which the organisation is operating
A
  1. ASSET VALUE
  2. CULTURE
  3. RISK TOLERANCE / RISK APPETITE
  4. LEGAL OBLIGATIONS
  5. MARKET CONDITIONS
8
Q

A successful and aligned security program does not lead the organization but does these 2 things to help it carry out its mission and pursue its goals.

A

ENABLES and SUPPORTS

9
Q

Security governance is accomplished using the same means as IT governance: it begins with involvement at this organizational level, which sets the tone for risk appetite.

A

BOARD LEVEL

10
Q

Security governance is carried out through this person/role, who develops security and privacy policies and a strategic security program.

A

CHIEF INFORMATION SECURITY OFFICER
(CISO)

11
Q

The strategic security program includes these 8 areas;

  1. S____ Assurance
  2. C____ Management
  3. V____ Management
  4. C____ Management
  5. I____ Management
  6. V____ Management
  7. S____ A ____ Training
  8. I____ & A ____ Management
A
  1. SOFTWARE ASSURANCE
  2. CHANGE MANAGEMENT
  3. VENDOR MANAGEMENT
  4. CONFIGURATION MANAGEMENT
  5. INCIDENT MANAGEMENT
  6. VULNERABILITY MANAGEMENT
  7. SECURITY AWARENESS TRAINING
  8. IDENTITY AND ACCESS MANAGEMENT
12
Q

  1. SOFTWARE ASSURANCE
  2. CHANGE MANAGEMENT
  3. VENDOR MANAGEMENT
  4. CONFIGURATION MANAGEMENT
  5. INCIDENT MANAGEMENT
  6. VULNERABILITY MANAGEMENT
  7. SECURITY AWARENESS TRAINING
  8. IDENTITY AND ACCESS MANAGEMENT

The above are all areas included within this program.

A

STRATEGIC SECURITY PROGRAM

13
Q

Security governance is used to establish these 2 things in relation to personnel for security-related activities throughout all layers of the organization.

A

ROLES and RESPONSIBILITIES

14
Q

Roles and responsibilities are defined in these 3 places;

  1. J____ descriptions
  2. P____ & P ____ documents
  3. R____ charts
A
  1. JOB DESCRIPTIONS
  2. POLICY and PROCESS DOCUMENTS
  3. RACI CHARTS
15
Q

The board of directors is responsible for overseeing these in an organization.

A

ALL ACTIVITIES

16
Q

Boards of directors select and manage a chief executive officer responsible for developing this function to manage;

  1. Assets
  2. Budgets
  3. Personnel
  4. Processes
  5. Risk
A

GOVERNANCE FUNCTION

17
Q

Boards of directors select and manage a chief executive officer responsible for developing a governance function to manage these 5 things;

  1. ____ ; Information, information systems, and things of value to the business
  2. ____ ; Money for the program
  3. ____ ; People working within the program
  4. ____ ; Methodologies
  5. ____ ; Concerns related to threats, likelihood, and impact
A
  1. ASSETS
  2. BUDGETS
  3. PERSONNEL
  4. PROCESSES
  5. RISK
18
Q

The security steering committee is responsible overall for this activity, which defines the means of achieving objectives.

A

STRATEGIC PLANNING

19
Q

The security steering committee will develop and approve security policies and appoint managers to develop and maintain these 3 things in the execution of those policies.

A

PROCESSES, PROCEDURES and STANDARDS

20
Q

Processes, procedures and standards should align with one another and with the organization’s overall (i) ____ , (ii) ____ , (iii) ____ and ____

A

MISSION, STRATEGY, GOALS, and OBJECTIVES

21
Q

The CISO will develop these to be business-aligned so that they support the organization’s overall mission and goals.

A

SECURITY STRATEGIES

22
Q

The CISO is responsible for this overall function in the organization.

A

SECURITY PROGRAM

including policy development, risk management, and perhaps some operational activities such as vulnerability management, incident management, access management, and security awareness training.

23
Q

This person is responsible for the protection and proper use of sensitive personal information.

A

CHIEF PRIVACY OFFICER
(CPO)

AKA DPO

24
Q

The CPO’s information protection responsibilities are sometimes shared with this person, who has overall information protection responsibilities.

A

CHIEF INFORMATION SECURITY OFFICER

25
Q

The chief compliance officer is responsible for these 2 activities.

A

COMPLIANCE TRACKING and REPORTING

26
Q

All roles in IT have ____

A

SECURITY RESPONSIBILITIES

27
Q

Large organisations suffer from the issue that these change more slowly than the environment.

A

STANDARDS