Section 5 - Information Security Governance Work Flashcards
What is Governance?
The attitude and tone of leadership at an Org.
The duly elected official over your Cybersecurity Program.
The approach to analyzing Risk.
The Cybersecurity document repository.
The attitude and tone of leadership at an Org.
What is a Policy?
A document workflow on how to perform some activity.
A documented, expected rule or behavior of an organization and the personnel that work within it.
A law that regulates an organization's Information Security.
The influence of geopolitical events on an org's Information Security.
A documented, expected rule or behavior of an organization and the personnel that work within it.
What is a Standard?
Acceptable behavior.
The model behavior of staff at an organization.
The combination of a policy and supporting procedure.
Values that qualify Policy at an Organization, such as a 12-character password minimum requirement.
Values that qualify Policy at an Organization, such as a 12-character password minimum requirement.
What is Procedure?
A surgical operation on a piece of technology.
A governing rule set by orgs on acceptable and expected behavior.
A workflow that enables a policy to be implemented at an org.
The outcome of violating a policy.
A workflow that enables a policy to be implemented at an org.
Policy Outline/Objectives?
Title, Purpose, Scope/Exclusions, Policy, Related Procedures, Non-Compliance, Authority, Definitions/Acronyms, and other info if needed.
Why is Policy important to an org?
Policy dictates and communicates expected behaviors to any personnel interacting with the org's systems and supports consistent, secure approaches.
It provides leadership the opportunity to feel empowered by authorizing policies.
It allows procedures to map back to a cause for existing.
Compliance requires them to be written regardless of their efficacy.
Policy dictates and communicates expected behaviors to any personnel interacting with the org's systems and supports consistent, secure approaches.
Which of the following are common Cybersecurity Policies found at Orgs? (Select All that Apply)
Information Security
Work from Home
Bereavement
Acceptable Use
Information Security
Acceptable Use