Saint COM510 Chapter 9 Module Quiz Latest 2020
Ch. 9 – Module Quiz
Question 1: Looking at the paths taken by organizations similar to the one whose plan you are developing as a source for a blueprint is known as which of the following?
due diligence
best practices
benchmarking
baselining
Which of the following is NOT a factor critical to the success of an information security performance measurement program?
Strong upper-level management support
Results-oriented measurement analysis
Quantifiable performance measurements
High level of employee buy-in
In security management, which of the following is issued by a management official and serves as a means of assuring that systems are of adequate quality?
Accreditation
Performance measurement
Testimonial
Certification
Problems with benchmarking include all but which of the following?
Benchmarking doesn’t help in determining the desired outcome of the security process
Organizations being benchmarked are seldom identical
Recommended practices change and evolve, thus past performance is no indicator of future success
Organizations don’t often share information on successful attacks
What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?
Certification and accreditation
Best practices
Due care and due diligence
Baselining and benchmarking
Which of the following is NOT a question a CISO should be prepared to answer, about a performance measures program, according to Kovacich?
Who will collect these measurements?
What effect will measurement collection have on efficiency?
Where will these measurements be collected?
Why should these measurements be collected?
Which of the following InfoSec measurement specifications makes it possible to define success in the security program?
Measurements templates
Development approach
Establishing targets
Prioritization and selection
Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?
Legal liability
Baselining
Information system faults
Benchmarking
Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?
Best practices
Performance management
Baselining
Standards of due care/diligence
Which of the following is NOT a consideration when selecting recommended best practices?
Resource expenditures are practical
Same networking architecture
Organization structure is similar
Threat environment is similar
