Question ID 16826 | Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
|
Option A | Alignment with industry best practices
|
Option B | Business continuity investment
|
Option C | Business benefits
|
Option D | Regulatory compliance
|
Correct Answer | D |
Explanation: Regulatory compliance can be a standalone driver for an information security governance measure. No further analysis or justification is required since the entity has no choice in the regulatory requirements. Buy-in from business managers must be obtained by the information security manager when an information security governance measure is sought based on its alignment with industry best practices. Business continuity investment needs to be justified by business impact analysis. When an information security governance measure is sought based on qualitative business benefits, further analysis is required to determine whether the benefits outweigh the cost of the information security governance measure in question.
Question ID 16827 | The MOST important characteristic of good security policies is that they:
|
Option A | state expectations of IT management.
|
Option B | state only one general security mandate.
|
Option C | are aligned with organizational goals.
|
Option D | govern the creation of procedures and guidelines.
|
Correct Answer | C |
Explanation: The most important characteristic of good security policies is that they be aligned with organizational goals. Failure to align policies and goals significantly reduces the value provided by the policies. Stating expectations of IT management omits addressing overall organizational goals and objectives. Stating only one general security mandate is the next best option since policies should be clear; otherwise, policies may be confusing and difficult to understand. Governing the creation of procedures and guidelines is most relevant to information security standards.