Chapter 3 Flashcards
T/F
Because it sets out general business intentions, a mission statement does not need to be concise.
False
T/F
A clearly directed strategy flows from top to bottom rather than from bottom to top.
True
T/F
The primary goal of external monitoring is to maintain an informed awareness of the state of all of the organization’s networks, information systems, and information security defenses.
False- Internal monitoring
T/F
A top-down approach to information security usually begins with a systems administrator’s attempt to improve the security of their systems.
False- Bottom-up
T/F
Penetration testing is often conducted by penetration testers—consultants or outsourced contractors who might be referred to as red teams.
True
T/F
Values statements should be ambitious; after all, they are meant to express the aspirations of the organization.
False- Vision
T/F
A person or organization that has a vested interest in a particular aspect of the planning or operation of the organization is a stockbroker.
False- Stakeholder
T/F
The ISO 27014:2013 standard promotes five risk management processes, which should be adopted by the organization’s executive management and its governing board.
False- Governance
T/F
Enterprise risk management is a valuable approach that can better align security functions with the business mission while offering opportunities to lower costs.
True
Which of the following explicitly declares the business of the organization and its intended areas of operations? a. vision statement b. values statement c. mission statement d. business statement
C- mission statement
Which type of planning is the primary tool in determining the long-term direction taken by an organization? a. strategic b. tactical c. operational d. managerial
A- strategic
Which of the following is true about planning? a. Strategic plans are used to create tactical plans b. Tactical plans are used to create strategic plans c. Operational plans are used to create tactical plans d. Operational plans are used to create strategic plans
A- Strategic plans are used to create tactical plans
Which level of planning breaks down each applicable strategic goal into a series of incremental objectives? a. strategic b. operational c. organizational d. tactical
D- tactical
Which type of planning is used to organize the ongoing, day-to-day performance of tasks? a. Strategic b. Tactical c. Organizational d. Operational
D- Operational
The basic outcomes of InfoSec governance should include all but which of the following? a. Value delivery by optimizing InfoSec investments in support of organizational objectives b. Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved c. Time management by aligning resources with personnel schedules and organizational objectives d. Resource management by utilizing information security knowledge and infrastructure efficiently and effectively
C- Time management