F. Business Model for Information Security (BMIS)

Question 1

What is Business Model for Information Security (BMIS)

Answer 1

A guide developed by ISACA for business-aligned, risk based security governance.

Question 2

What does the use of BMIS do

Answer 2

It helps security leadership ensure that the organization’s security program continues to address emerging threats, developing regulations, and changing business needs.

Question 3

element of IT model

Answer 3

People, process, technology

Question 4

elements of BMIS model

Answer 4

It’s a three-dimensional, three-sided pyramid which includes element of IT model (people, process, technology) and a fourth element i.e. organization

Question 5

Element of organization

Answer 5

Culture, governing, Architecture

Question 6

What is the apex (highest) element of the BMIS pyramid

Answer 6

The organization

Question 7

How are the elements of BMIS model connected

Answer 7

By dynamic interconnections which are culture, governing, architecture, emergence, enabling and support, and human factors

Question 8

Organization as element of BMIS model

Answer 8

Organization is viewed as a network of people interacting using processes to channel this interaction.
Organization includes permanent staff, temporary staff, contractors, people of outsourced organizations, third parties that play a role in helping the organization achieve its objectives

Question 9

Defining the people element in the BMIS

Answer 9

They represent all of the people in an organization, including people in outsources organizations that do business with the entity.

Question 10

Defining the process element in the BMIS

Answer 10

It’s the formal structure of all defined activities,

Process defines practices and procedures that describe how activities are to be carried out.

Question 11

What is an effective process per ISACA’s Risk IT framework?

Answer 11

A reliable and repetitive collection of activities and controls to perform a certain task.

Question 12

Defining the Technology element in the BMIS

Answer 12

It’s represents all of the systems, application, and tools used. It’s a powerful enabler of an organization’s processes and its strategic objectives.

Question 13

Defining culture in the dynamic interconnection of the organization

Answer 13

Culture is a pattern of behaviors, beliefs, assumptions, and ways of doing things.

Culture connects the organization and people elements.

Question 14

Why is culture the most critical factors in the success or failure of an information security program

Answer 14

Because culture reflects the attitudes, habits, and customs adopted by the people in the organization. Culture cannot be legislated or controlled directly.

Question 15

Civil culture in which organization resides

Answer 15

It plays a large role in sharping role the organization’s culture.

It makes it difficult for organization that have many global or regional location to establish a single culture.

Question 16

Defining governing in the dynamic interconnection of the organization

Answer 16

Set of responsibilities and practices exercised by the board and executives management with the goal of providing strategic direction.

Governing connects organization and process elements.

Question 17

Tools used in government

Answer 17

Policies, standards, guidelines, process documentation, resources allocation, compliance.

Question 18

What is vital in governing dynamic interconnection

Answer 18

Communication is.

Question 19

Defining Architecture in the dynamic interconnection of the organization

Answer 19

As systems and software engineering.

Architecture connects the organization and technology elements.

Question 20

What does the practice of architecture ensure

Answer 20

Alignment, consistency, efficiency, low cost, resilience, flexibility, stability, and security.