InfoSec Program Development and Management Flashcards
Is it okay for some employees to not receive security awareness training?
No, it is essential for all employees to complete security training.
What does GDPR require of a DPO?
The DPO must report to the highest level in an organization
What is an alternative to MFA?
Implement adaptive MFA with business rules that represent an acceptable compromise (e.g., registered company devices).
How can a CISO best estimate the resources required to support security operations in an organization?
Consult with industry analysts and experts to get the best initial estimates.
What does WAF stand for?
Web application firewall
A SIEM addresses which business problem?
Identification of unwanted security events in the entire technology stack
Which groups should be involved in SIEM acquisition?
Security governance, security operations, IT operations, audit
What is the best consideration for classifying assets for an e-commerce company?
Knowing whether assets contain cardholder data, PII, and encryption keys
Name categories for asset classification
Data sensitivity, geographic location, business process alignment
What are the primary stages of SDLC?
Initiation, development or acquisition, implementation, operation or maintenance, disposal
What are the 5 agreement types?
- OLA: Operational Level Agreement
- SLA: Service Level Agreement
- ISA: Interconnection Security Agreement
- MOU/A: Memorandum of Understanding/Agreement
- BPA: Business Partner Agreement
What is the meaning of the phrase “identify the new perimeter”?
Everything (technology and people) is moving to the cloud or outside the network perimeter, and internal firewalls are no longer relevant
What are SMART goals?
Specific, Measurable, Attainable, Realistic, and Timely