Section 5 - Information Security Governance Work Flashcards

1
Q

What is Governance?

The attitude and tone of leadership at an Org.
The duly elected official over your Cybersecurity Program.
The approach to analyzing Risk.
The Cybersecurity document repository.

A

The attitude and tone of leadership at an Org.

2
Q

What is a Policy?

A document workflow on how to perform some activity.
A documented, expected rule or behavior of an organization and the personnel that work within it.
A law that regulates an organization's Information Security.
The influence of geopolitical events on an org's Information Security.

A

A documented, expected rule or behavior of an organization and the personnel that work within it.

3
Q

What is a Standard?

Acceptable behavior.
The model behavior of staff at an organization.
The combination of a policy and supporting procedure.
Values that qualify Policy at an Organization, such as a 12-character minimum password requirement.

A

Values that qualify Policy at an Organization, such as a 12-character minimum password requirement.

4
Q

What is a Procedure?

A surgical operation on a piece of technology.
A governing rule set by orgs on acceptable and expected behavior.
A workflow that enables a policy to be implemented at an org.
The outcome of violating a policy.

A

A workflow that enables a policy to be implemented at an org.

5
Q

Policy Outline/Objectives?

A
Title
Purpose
Scope/Exclusions
Policy
Related Procedures
Non-Compliance
Authority
Definitions/Acronyms - other info if needed.
6
Q

Why is Policy important to an org?

Policy dictates and communicates expected behaviors to any personnel interacting with the org's systems and supports consistent, secure approaches.
It provides leadership the opportunity to feel empowered by authorizing policies.
It allows procedures to map back to a cause for existing.
Compliance requires them to be written regardless of their efficacy.

A

Policy dictates and communicates expected behaviors to any personnel interacting with the org's systems and supports consistent, secure approaches.

7
Q

Which of the following are common Cybersecurity Policies found at Orgs? (Select All that Apply)

Information Security
Work from Home
Bereavement
Acceptable Use

A

Information Security

Acceptable Use
