04. Organisational Structure, Roles, Responsibilities Flashcards

(49 cards)

1
Q

Organisational Structure, Roles, Responsibilities

The way the organisation is structured will help drive how it deals with what? This is because departments and other hierarchical structures are established to take care of specific functions that contribute towards business goals and objectives

A

Cybersecurity

41

2
Q

Organisational Structure, Roles, Responsibilities

Each unit at each level of the business hierarchy should be aware of, and what, for its impact on information protection and cybersecurity

A

Responsible

42

3
Q

Organisational Structure, Roles, Responsibilities

What does a ROLE describe of an employee

A

Expected activities obligated to perform as part of their employment

42

4
Q

Organisational Structure, Roles, Responsibilities

A job title or position title is typically associated with what

A

Role

42

5
Q

Organisational Structure, Roles, Responsibilities

A RESPONSIBILITY is a statement of what

A

Activities that a person is expected to perform

43

6
Q

Organisational Structure, Roles, Responsibilities

An organisation assigns roles and responsibilities to individuals and groups to meet the organisation's what (2 things) in relation to security

A

Strategy and Objectives

43

7
Q

Organisational Structure, Roles, Responsibilities

What is the purpose of the development of a RACI

A

Help personnel determine roles for various business activities

43

8
Q

Organisational Structure, Roles, Responsibilities

What 3 things specifically should be considered when assigning roles to individuals and groups in a RACI chart

A
  1. Skills
  2. Segregation of duties
  3. Conflict of interest

45

9
Q

Organisational Structure, Roles, Responsibilities

Activities performed by the board of directors, as well as directors' authority, are usually defined by what 3 things

A
  1. Constitution
  2. Bylaws
  3. External Regulation

45

10
Q

Organisational Structure, Roles, Responsibilities

Board members have fiduciary duty, which means what

A

A fiduciary is a person who holds a legal or ethical relationship of trust with one or more other parties

45

11
Q

Organisational Structure, Roles, Responsibilities

In the U.S., public companies are required to form an audit committee based on what act

A

Sarbanes-Oxley Act

45

12
Q

Organisational Structure, Roles, Responsibilities

The Board of Directors expects the CEO and other executives to implement a corporate governance function to ensure who has an appropriate level of visibility and control over the organisation's operations

A

Executive Management

46

13
Q

Organisational Structure, Roles, Responsibilities

Who is accountable to the board of directors to demonstrate that they have effectively carried out the board's strategies

A

Executives

46

14
Q

Organisational Structure, Roles, Responsibilities

Information security management includes ensuring that sufficient organisational resources are devoted to implementing a security program and developing and maintaining security controls to protect critical assets. Who is responsible for this

A

Executive Management

CIO - Chief Information Officer
CTO - Chief Technical Officer
CISO - Chief Information Security Officer

47

15
Q

Organisational Structure, Roles, Responsibilities

To ensure the success of the organisation's information security program, executive management should be involved in which 3 key areas

A
  1. Ratify corporate security policy
  2. Leadership by example
  3. Assume Ultimate Responsibility

47

16
Q

Organisational Structure, Roles, Responsibilities

A security steering committee should consist of, if possible, stakeholders from which 4 things

A
  1. Business units
  2. Departments
  3. Functions
  4. Principal Locations

47

17
Q

Organisational Structure, Roles, Responsibilities

Risk treatment deliberations and recommendations are typically the responsibility of who

A

Steering Committee

47

18
Q

Organisational Structure, Roles, Responsibilities

Discussion and coordination of IT and security projects is typically the responsibility of who

A

Steering Committee

47

19
Q

Organisational Structure, Roles, Responsibilities

Reviewing of recent risk assessments is typically the responsibility of who

A

Steering Committee

20
Q

Organisational Structure, Roles, Responsibilities

Discussion of new laws, regulations, and requirements is typically the responsibility of who

A

Steering Committee

48

21
Q

Organisational Structure, Roles, Responsibilities

Review of recent security incidents is typically the responsibility of who

A

Steering Committee

48

22
Q

Organisational Structure, Roles, Responsibilities

Deciding whether individuals or groups should be given access to an asset or have that access revoked, and the level and type of access, is the responsibility of who

A

Business Process or Asset Owner

48

23
Q

Organisational Structure, Roles, Responsibilities

Periodic reviews of access lists and determining if people/groups should have continued access to an asset is the responsibility of who

A

Business Process or Asset Owner

48

24
Q

Organisational Structure, Roles, Responsibilities

Determining the proper function and support of applications and business processes, and determining the asset configuration required, is the responsibility of who

A

Business Process or Asset Owner

48

25
Q

Organisational Structure, Roles, Responsibilities

Who determines what functions will be available, and how they work, in relation to business applications

A

Business Process or Asset Owner

48

26
Q

Organisational Structure, Roles, Responsibilities

Who determines the physical location of an asset

A

Business Process or Asset Owner

49

27
Q

Organisational Structure, Roles, Responsibilities

A CISO will develop business-aligned security strategies that support current and future business initiatives and will be responsible for...

A
  1. Developing and operating the organisation's **information risk program**
  2. Developing and implementing **security policies**
  3. Developing and implementing **security incident response**
  4. Developing operational **security functions**

49

28
Q

Organisational Structure, Roles, Responsibilities

The CISO typically reports to one of which two people

A
  1. COO - Chief Operations Officer
  2. CEO - Chief Executive Officer

May report to CIO in some organisations

49

29
Q

Organisational Structure, Roles, Responsibilities

This role has the responsibility of workplace security

A

Chief Security Officer (CSO)

49

30
Q

Organisational Structure, Roles, Responsibilities

This position is principally concerned with all aspects of risk and is separate from IT

A

Chief Risk Officer (CRO)

31
Q

Organisational Structure, Roles, Responsibilities

What view might C-level executives have in an organisation that has not implemented the role of a CISO

A

Security will hinder business development and agility

50

32
Q

Organisational Structure, Roles, Responsibilities

For what reason may a small-to-medium business not have a full-time CISO

A

Not cost-effective

50

33
Q

Organisational Structure, Roles, Responsibilities

A glance at the title of the highest-ranking information security position in an organisation reveals executive management's opinion of information security. Which role would be leading information security: "Information security is tactical and often viewed as consisting only of antivirus software and firewalls. This role has no visibility into the development of business objectives. Execs consider security as unimportant and based on technology only."

A

Security Manager

50

34
Q

Organisational Structure, Roles, Responsibilities

A glance at the title of the highest-ranking information security position in an organisation reveals executive management's opinion of information security. Which role would be leading information security: "Information security is essential and has moderate decision-making capability but little influence on the business. This role may have little visibility of overall business strategies and little or no access to executive management or the board of directors"

A

Security Director

50

35
Q

Organisational Structure, Roles, Responsibilities

A glance at the title of the highest-ranking information security position in an organisation reveals executive management's opinion of information security. Which role would be leading information security: "Information security is strategic but does not influence business strategy and objectives. This role will have access to executive management and possibly the board of directors"

A

Vice President

50

36
Q

Organisational Structure, Roles, Responsibilities

A glance at the title of the highest-ranking information security position in an organisation reveals executive management's opinion of information security. Which role would be leading information security: "Information security is strategic, and business objectives are developed with full consideration for risk"

A

CISO/CIRO/CRO/CSO/vCISO

50

37
Q

Organisational Structure, Roles, Responsibilities

A role typically involved in the safeguarding of PII and ensuring the organisation does not misuse PII

A

Chief Privacy Officer (CPO) aka Data Protection Officer (DPO)

51

38
Q

Organisational Structure, Roles, Responsibilities

A role that includes oversight over policy and organisation functions that come into scope for regulations and standards

A

Chief Compliance Officer (CCO)

51

39
Q

Organisational Structure, Roles, Responsibilities

This role is responsible for performing risk assessments and maintaining the risk register

A

Risk Manager

54

40
Q

Organisational Structure, Roles, Responsibilities

This role works closely with the risk manager and is responsible for maintaining security and privacy policy documents and related information

A

Policy Manager

54

41
Q

Organisational Structure, Roles, Responsibilities

This role is responsible for maintaining security controls, advising control owners on responsibilities and expectations, and assessing controls for effectiveness

A

Controls Manager

54

42
Q

Organisational Structure, Roles, Responsibilities

This role is responsible for data classification policy and serves as a governance function to manage the organisation's use of information

A

Information Governance

54

43
Q

Organisational Structure, Roles, Responsibilities

4 core roles in the **business resilience** function responsible for various activities that ensure the organisation can continue operations despite disruptive events

A
  1. Crisis Communications Officer
  2. Crisis Manager
  3. Business Continuity Planner
  4. Disaster Recovery Planner

54

44
Q

Organisational Structure, Roles, Responsibilities

Roles within the security operations function are responsible for designing, building and monitoring security systems and controls to ensure information systems maintain what 3 things

A
  1. Confidentiality
  2. Integrity
  3. Availability

CIA

54

45
Q

Organisational Structure, Roles, Responsibilities

2 core roles within the **Security Audit** function responsible for examining process design and verifying the effectiveness of security controls

A
  1. Security Audit Manager
  2. Security Auditor

54

46
Q

Organisational Structure, Roles, Responsibilities

2 core roles within the **Quality Assurance** function responsible for examining process design and verifying the effectiveness of security controls

A
  1. QA Manager
  2. QC Manager

Quality Assurance, Quality Control

56

47
Q

Organisational Structure, Roles, Responsibilities

**Controls and internal audit** An internal audit of controls provides an objective analysis of what

A

Control effectiveness

57

48
Q

Organisational Structure, Roles, Responsibilities

**Metrics and Reporting** Developing metrics for repeated activities helps management better understand what

A

Work output

57

49
Q

Organisational Structure, Roles, Responsibilities

**Work measurement** A structured activity used to measure repeated tasks carefully helps management better understand what

A

Volume of work performed

57