Security Program Management and Oversight Flashcards
How does an Acceptable Use Policy (AUP) contribute to cybersecurity in an organization?
By establishing guidelines for secure and responsible use of IT resources
Why is effective security governance crucial for managing cybersecurity risks?
To provide a strategic framework for identifying and mitigating risks
What is the primary goal of business continuity planning?
To minimize the impact of disruptions on business operations
Which of the following is a key element of a disaster recovery plan?
Offsite data backups
What is the purpose of a business impact analysis (BIA) in business continuity planning?
To prioritize critical business functions and processes
What is a key difference between business continuity planning and disaster recovery planning?
Business continuity planning encompasses the entire organization, while disaster recovery planning is specific to IT systems.
A company is implementing a backup and recovery solution for its production systems. The team wants to ensure minimal data loss in case of a disruption. What concept is the team primarily concerned with in this scenario?
RPO (Recovery Point Objective)
Which governance structure is likely to prioritize risk management and compliance?
Enterprise Governance
Which role would be responsible for defining access controls, ensuring data integrity, and overseeing the overall security posture of the customer database?
Data Owner
10) Which role would be responsible for ensuring that data processing activities comply with data protection regulations, obtaining consent from customers, and responding to data subject requests?
Data Controller
Which role would be responsible for ensuring the confidentiality, integrity, and availability of patient health records, implementing access controls, and conducting regular security training for staff?
Data Custodian
Which type of risk assessment would be most suitable for identifying and addressing emerging cybersecurity threats and vulnerabilities in real-time?
Continuous Risk Assessment
Which type of risk assessment would be most appropriate for identifying potential security vulnerabilities in a new software release before it goes live?
Ad hoc Risk Assessment
Which type of risk assessment would be most appropriate for identifying potential security vulnerabilities in a new software release before it goes live?
One-time Risk Assessment
In a software development project aiming to release a new version of a popular application, which type of risk analysis would be most appropriate for assigning qualitative measures to potential risks related to project timelines, software bugs, and user acceptance?
Qualitative Risk Analysis
In a cybersecurity project aiming to protect a financial institution’s network infrastructure, which type of risk analysis would be most appropriate for assigning numerical values to potential risks such as data breaches, system vulnerabilities, and financial losses?
Quantitative Risk Analysis
A cloud service provider experiences a service outage that lasts for 10 hours. During this time, the company estimates a loss of $50,000 in revenue. If the likelihood of such an outage occurring is determined to be 5% annually, what is the Single Loss Expectancy (SLE) for this event?.
$2,500
A healthcare organization is assessing the potential financial impact of a cybersecurity breach that could expose sensitive patient information. The estimated cost of addressing the breach and potential legal consequences is $500,000. If the likelihood of a cybersecurity breach in a given year is 8%, what is the Annualized Loss Expectancy (ALE)?
$40,000
During the due diligence process for vendor selection, what steps can help uncover potential conflicts of interest?
Conducting background checks on vendor employees
In the process of due diligence with a new software vendor, what aspect should be assessed to ensure compliance with licensing requirements?
The software licensing agreements