Question ID 16853 | Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
Option A | The security officer
Option B | Senior management
Option C | The end user
Option D | The custodian
Correct Answer | B
Explanation: Routine administration of all aspects of security is delegated, but top management must retain overall responsibility. The security officer supports and implements information security for senior management. The end user does not perform categorization. The custodian supports and implements information security measures as directed.
Question ID 16854 | Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
Option A | Continuous analysis, monitoring and feedback
Option B | Continuous monitoring of the return on security investment (ROSI)
Option C | Continuous risk reduction
Option D | Key risk indicator (KRI) setup to security management processes
Correct Answer | A
Explanation: To improve the governance framework and achieve a higher level of maturity, an organization needs to conduct continuous analysis, monitoring and feedback compared to the current state of maturity. Return on security investment (ROSI) may show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives. Thus, it may not be an adequate option. Continuous risk reduction would demonstrate the effectiveness of the security governance framework, but does not indicate a higher level of maturity. Key risk indicator (KRI) setup is a tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.