Quick Tips 2

Question 1

A BLANK, also called a safeguard or control, mitigates the risk.

Answer 1

countermeasure

Question 2

A BLANK can be administrative, technical, or physical and can provide deterrent, preventive, detective, corrective, or recovery protection.

Answer 2

control

Question 3

A BLANK is an alternate control that is put into place because of financial or business functionality reasons.

Answer 3

compensating control

Question 4

BLANK is a framework of control objectives and allows for IT governance.

Answer 4

CobiT

Question 5

BLANK is the standard for the establishment, implementation, control, and improvement of the information security management system.

Answer 5

ISO/IEC 27001

Question 6

The BLANK series were derived from BS 7799 and are international best practices on how to develop and maintain a security program.

Answer 6

ISO/IEC 27000

Question 7

BLANK are used to develop architectures for specific stakeholders and present information in views.

Answer 7

Enterprise architecture frameworks

Question 8

An BLANK is a coherent set of policies, processes, and systems to manage risks to information assets as outlined in ISO\IEC 27001.

Answer 8

information security management system (ISMS)

Question 9

BLANK is a subset of business architecture and a way to describe current and future security processes, systems, and subunits to ensure strategic alignment.

Answer 9

Enterprise security architecture

Question 10

BLANK are functional definitions for the integration of technology into business processes.

Answer 10

Blueprints

Question 11

BLANK are used to build individual architectures that best map to individual organizational needs and business drivers.

Answer 11

Enterprise architecture frameworks

Question 12

BLANK is an enterprise architecture framework, and BLANK is a security enterprise architecture framework.

Answer 12

Zachman, SABSA

Question 13

BLANK is a governance model used to help prevent fraud within a corporate environment.

Answer 13

COSO

Question 14

BLANK is a set of best practices for IT service management.

Answer 14

ITIL

Question 15

BLANK is used to identify defects in processes so that the processes can be improved upon.

Answer 15

Six Sigma

Question 16

BLANK is a maturity model that allows for processes to improve in an incremented and standard approach.

Answer 16

CMMI

Question 17

BLANK should tie in strategic alignment, business enablement, process enhancement, and security effectiveness.

Answer 17

Security enterprise architecture

Question 18

BLANK uses the following control categories: technical, management, and operational.

Answer 18

NIST 800-53

Question 19

BLANK is a team-oriented risk management methodology that employs workshops and is commonly used in the commercial sector.

Answer 19

OCTAVE

Question 20

Security management should work from the BLANK.

Answer 20

top down (from senior management down to the staff)