04. Organisational Structure, Roles, Responsibilities

Question 1

Organisational Structure, Roles, Responsibilities

The way the organisation is structured will help drive how it deals with what - this being due to departments and other hierarchial structures being established to take care of specific functions that contribute towards business goals and objectives

Answer 1

Cybersecurity

41

Question 2

Organisational Structure, Roles, Responsibilities

Each unit at each level of the business hierarchy should be aware of and what for its impact on information protection and cybersecurity

Answer 2

Responsible

42

Question 3

Organisational Structure, Roles, Responsibilities

What does a ROLE describe of an employee

Answer 3

Expected activities obligated to perform as part of their employment

42

Question 4

Organisational Structure, Roles, Responsibilities

A job title or position title are typically associated with what

Answer 4

Role

42

Question 5

Organisational Structure, Roles, Responsibilities

A RESPONSIBILITY is a statement of what

Answer 5

Activities that a person is expected to perform

43

Question 6

Organisational Structure, Roles, Responsibilities

An organisation assigns roles and responsibilities to individuals and groups to meet the organisations what 2 things in relation to security

Answer 6

Strategy and Objectives

43

Question 7

Organisational Structure, Roles, Responsibilities

What is the purpose of the development of a RACI

Answer 7

Help personnel determine roles for various business activities

43

Question 8

Organisational Structure, Roles, Responsibilities

What 3 things specifically should be considered when assigning roles to individuals and groups in a RACI chart

Answer 8

1. Skills
2. Segregation of duties
3. Conflict of interest

45

Question 9

Organisational Structure, Roles, Responsibilities

Activities performed by the baord of directors, as well as directors authority are usually defined by what 3 things

Answer 9

1. Constitution
2. Bylaws
3. External Regulation

45

Question 10

Organisational Structure, Roles, Responsibilities

Board members have fiduciary duty, which means what

Answer 10

A fiduciary is a person who holds a legal or ethical relationship of trust with one or more other parties

45

Question 11

Organisational Structure, Roles, Responsibilities

In the U.S., public companies are required to form an audit committee based on what act

Answer 11

Sar-Banes-Oxley Act

45

Question 12

Organisational Structure, Roles, Responsibilities

The Board of Directors expect the CEO and other executives to implement a corporate governance function to ensure who has an appropriate level of visibility and control over the organisations operations

Answer 12

Executive Management

46

Question 13

Organisational Structure, Roles, Responsibilities

Who is accountable to the board of directors to demonstrate that they have effectively carried out the boards strategies

Answer 13

Executives

46

Question 14

Organisational Structure, Roles, Responsibilities

Information security management includes ensuring that sufficient organisational resources are devoted to implementing a security program and devloping and maintaining security controls to protect critical assets. Who is responsible for this

Answer 14

Executive Management

CIO - Chief Information Officer
CTO - Chief Technical Officer
CISO - Cheif Information Security Officer

47

Question 15

Organisational Structure, Roles, Responsibilities

To ensure the success of the organisations information security program, executive management should be involved in which 3 key areas

Answer 15

1. Ratify corporate security policy
2. Leadship by example
3. Assume Ultimate Responsibility

47

Question 16

Organisational Structure, Roles, Responsibilities

A security steering committee should consist of, if possible, stakeholders from which 4 things

Answer 16

1. Business units
2. Departments
3. Functions
4. Principle Locations

47

Question 17

Organisational Structure, Roles, Responsibilities

Risk treatment deliberations and recommendations are typically the responsibility of who

Answer 17

Steering Committee

47

Question 18

Organisational Structure, Roles, Responsibilities

Discussion and coordination of IT and security projects is typically the responsibility of who

Answer 18

Steering Committee

47

Question 19

Organisational Structure, Roles, Responsibilities

Reviewing of recent risk assessments is typically the responsibility of who

Answer 19

Steering Committee

Question 20

Organisational Structure, Roles, Responsibilities

Discussion of new laws, regulations, and requirements is typically the responsibility of who

Answer 20

Steering Committee

48

Question 21

Organisational Structure, Roles, Responsibilities

Review of recent security incidents is typically the responsibility of who

Answer 21

Steering Committee

48

Question 22

Organisational Structure, Roles, Responsibilities

Deciding on whether individuals or groups should be given access to or have access revoked to an asset and the level and type of access is the responsibility of who

Answer 22

Business Process or Asset Owner

48

Question 23

Organisational Structure, Roles, Responsibilities

Periodic reviews of access lists and determining if people/groups should have continued access to an asset is the responsibility of who

Answer 23

Business Process or Asset Owner

48

Question 24

Organisational Structure, Roles, Responsibilities

Determining the proper fucntion and support of applications and business processes, and determining the asset configuration required, is the responsibility of who

Answer 24

Business Process or Asset Owner

48

Question 25

Organisational Structure, Roles, Responsibilities

Who determines what functions will be available, and how they work, in relation to business applications

Answer 25

Business Process or Asset Owner

48

Question 26

Organisational Structure, Roles, Responsibilities

Who determines the physical location of an asset

Answer 26

Business Process or Asset Owner

49

Question 27

Organisational Structure, Roles, Responsibilities

A CISO will develop business-aligned security strategies that support current and future business initiatives and will be responsible for…

Answer 27

1. Developing and operating organisations information risk program
2. Developing and implementing security policies
3. Developing and implementing security incident response
4. Developing operational security functions

49

Question 28

Organisational Structure, Roles, Responsibilities

The CISO typically reports to one of which two people

Answer 28

1. COO - Chief Operations Officer
2. CEO - Chief Executive Officer

May report to CIO in some organisations

49

Question 29

Organisational Structure, Roles, Responsibilities

This role has the responsibility of work place security

Answer 29

Chief Security Officer
(CSO)

49

Question 30

Organisational Structure, Roles, Responsibilities

This position is principly concerned with all aspects of risk and is seperate from IT

Answer 30

Chief Risk Officer
(CRO)

Question 31

Organisational Structure, Roles, Responsibilities

What view do C-Level executives possibly have in an origanisation where they have not implemented the role of a CISO

Answer 31

Security will hinder business development and agility

50

Question 32

Organisational Structure, Roles, Responsibilities

For what reason may a small-medium business may not have a fully time CISO

Answer 32

Not cost-effective

50

Question 33

Organisational Structure, Roles, Responsibilities

A glance at the totle of the highest ranking information security position in an orgnisation reveals the exec managements opinion of information security. Which role would be leading information security;

“Information security is tactical and often viewed as consisting only of antivirus software and firewalls. This role has no visibility into the development of business objectivies. EXecs consider security as unimportant and based on technology only.”

Answer 33

Security Manager

50

Question 34

Organisational Structure, Roles, Responsibilities

A glance at the totle of the highest ranking information security position in an orgnisation reveals the exec managements opinion of information security. Which role would be leading information security;

“information security is essnetial and has moderate decision making capability but little influence on the business. This role may have little visibility of overall business strategies and little or no access to executive management or board of directors”

Answer 34

Security Director

50

Question 35

Organisational Structure, Roles, Responsibilities

A glance at the totle of the highest ranking information security position in an orgnisation reveals the exec managements opinion of information security. Which role would be leading information security;

“Information security is strategic but does not inflience business strategy and objectives. This role will have access to executive management and possibly the board of directors”

Answer 35

Vice President

50

Question 36

Organisational Structure, Roles, Responsibilities

A glance at the totle of the highest ranking information security position in an orgnisation reveals the exec managements opinion of information security. Which role would be leading information security;

“Information security is strategic, and business objectives are developed with full consideration for risk”

Answer 36

CISO/CIRO/CRO/CSO/vCISO

50

Question 37

Organisational Structure, Roles, Responsibilities

A role typically involved in the safeguarding of PII and ensuring the origanisation does not misuse PII

Answer 37

Chief Privacy Officer (CPO)
aka
Data Protection Officer (DPO)

51

Question 38

Organisational Structure, Roles, Responsibilities

A role that includes oversight over policy and organisation functions that come into scope for regulations and standards

Answer 38

Chief Compliance Officer
(CCO)

51

Question 39

Organisational Structure, Roles, Responsibilities

This role is responsible for performing risk assessments and maintaining the risk register

Answer 39

Risk Manager

54

Question 40

Organisational Structure, Roles, Responsibilities

This role works closely with the risk manager and is responsible for maintaining security and privacy policy documents and related information

Answer 40

Policy Manager

54

Question 41

Organisational Structure, Roles, Responsibilities

This role is responsible for maintaining security controls, advising control owners on responsibilities and expectations, and assessing controls for effectiveness

Answer 41

Controls Manager

54

Question 42

Organisational Structure, Roles, Responsibilities

THis role is responsible for data classification policy and serves as a governance function to manage the organisations use of information

Answer 42

Information Governance

54

Question 43

Organisational Structure, Roles, Responsibilities

4 core roles in the business resilience function responsible for various activities that ensure the organisation can continue operations despite disruptive events

Answer 43

1. Crisis Communications Officer
2. Crisis Manager
3. Business Continuity Planner
4. Disaster Recover Planner

54

Question 44

Organisational Structure, Roles, Responsibilities

Roles within the security operations function are responsible for designing, building and monitoring security systems and controls to ensure information systems maintain what 3 things

Answer 44

1. Confidentiality
2. Integrity
3. Availability

CIA

54

Question 45

Organisational Structure, Roles, Responsibilities

2 core roles within the Security Audit function responsible for examining process design and verifying the effectiveness of security controls

Answer 45

1. Security Audit Manager
2. Security Auditor

54

Question 46

Organisational Structure, Roles, Responsibilities

2 core roles within the Quality Assurance function responsible for examining process design and verifying the effectiveness of security controls

Answer 46

1. QA manager
2. QC Manager

Quality Assurance
Quality Control

56

Question 47

Organisational Structure, Roles, Responsibilities

Controls and internal audit
An intenral audit of controls provides an objective analysis of what

Answer 47

control effectiveness

57

Question 48

Organisational Structure, Roles, Responsibilities

Metrics and Reporting
Developing metrics for repeated activities helps management better understand what

Answer 48

Work output

57

Question 49

Organisational Structure, Roles, Responsibilities

Work measurement
A structured activity used to measure repeated tasks carefully helps management better understand what

Answer 49

volume of work performed

57