Domain 1

Question 1

process of how an org is managed. Includes all aspects of how decisions are made for that org and can include policy, roles, and procedures the org uses to make those decisions.

Answer 1

governance

Question 2

the entirety of the polices, roles, and processes the org uses to make security decisions, Specific to its purpose and objectives

Answer 2

security governance

Question 3

Makes strategic decisions and which policies are required for all corp

Answer 3

legislation

Question 4

Might impose corp mandate for part types of decisions

Answer 4

Board of directors

Question 5

Might dictate who within the corp participate and finalizes part decisions

Answer 5

Local and federal regulators

Question 6

Typically responsible for mandating policy , determining strategic goals for the org, and making final determination according to the org governance for both security and non-security.

Answer 6

Senior management

Question 7

Responsible for advising senior management on security matters, may assist in drafting policies , manages day-to-day security operations represents the org security needs in groups and meetings, selects and contracts for security products , and may manage the incident and disasters response.

Answer 7

Security manage, director, or officer

Question 8

Tasked with performing the security processes and activities with the org.

Answer 8

Security personnel

Question 9

Recognized globally, know as ISMS, comprehensive holistic view of security governance within an org. Mostly focused on policy.

Answer 9

ISO 27001

Question 10

comprehensive list of security controls

Answer 10

ISO 27002

Question 11

Created and maintained by ISACA, Designed in a way to manage and document enterprise IT and Security functions for an org. Attending to address IT performance, security ops, risk management, and regulatory compliance

Answer 11

COBIT

Question 12

IT service delivery set of best practices. Concentrates on how an org it env should enhance and benefit its business goals.

Answer 12

ITIL

Question 13

Legal concept pertaining to the duty owed by a provider to a customer.

Answer 13

Due care

Question 14

An activity used to demonstrate or provide due care.

Answer 14

Due diligence

Question 15

publishing a policy is an insufficient form of due diligence. What must you have?

Answer 15

To meet the legal duty, an org must also have a documented monitoring and enforcement capability in place and active to ensure the org is adhering to the policy.

Question 16

possibility of damage and harm and the likelihood that damage or harm will be relegalized.

Answer 16

Risk

Question 17

Creates a risk and enhances a risk or possibility of being realized.

Answer 17

Threat and vulnerability

Question 18

Subjective risk analysis -choose when no budget, no time, or training

Answer 18

Qualitive

Question 19

Objective risk analysis - choose when you have budget, time, and training

Answer 19

Quantitative

Question 20

Plan and process for determining the proper function and management of controls necessary and should be customized to the needs of the org.

Answer 20

Security Control Assessment

Question 21

Adherence to a mandate

Answer 21

compliance

Question 22

Compliance reviews

Answer 22

audit

Question 23

comes in form of contracts, government imposition, governments creating regulations, or traditional or cultural.

Answer 23

mandate

Question 24

Legal standards are set by

Answer 24

courts

Question 25

Actions, process, and tools for ensuring an org can continue critical operations during a contingency.

Answer 25

Bc

Question 26

Efforts are those task and activities required to bring an org back from contingency operations and reinstate regular operations.

Answer 26

DR

Question 27

measure of how long and org can survive an interruption of critical factors if exceeded the org will no longer be viable

Answer 27

MAD or MTD

Question 28

target time for recovering from interruption. must be less than MAD. Goal for recovering availability of the critical path. Stage until return to regular status.

Answer 28

RTO

Question 29

Measure of how much data the org can lose before the org is no longer viable. Measured in time.

Answer 29

RPO