Security Management Models

1. What are the five basic outcomes that should be achieved through InfoSec governance?
1. Strategic alignment of InfoSec with business strategy to support organizational objectives
2. Risk management by executing appropriate measures to manage and mitigate threats to information resources
3. Resource management by utilizing InfoSec knowledge and infrastructure efficiently and effectively
4. Performance measurement by measuring, monitoring, and reporting InfoSec governance metrics to ensure that organizational objectives are achieved
5. Value delivery by optimizing InfoSec investments in support of organizational objectives

Threat Identification is the third step in Risk Assessment.
False; in NIST SP 800-30 it is the second step, following System Characterization and preceding Vulnerability Identification.
One of the first positions that management must articulate is the _____ statement.
values
A benefit of Information Security Governance is:
Assurance of effective InfoSec policy and policy compliance
Factors that can affect planning are Physical, Political & Legal, Competitive, and ______ Environments
technological
For a top-down approach to succeed, high-level management must buy into the effort and provide full support to all departments.
True
Project and/or Resource Management is dominated by:
planning
_______ are people or organizations that have a “stake” in a particular aspect of the planning or operation of the organization.
Stakeholders
The first step in a Risk Assessment is:
System Characterization
The Risk Management Guide for Information Technology Systems is referred to as NIST SP 801-30.
False; it is NIST SP 800-30.
Select all the basic components of a typical strategic plan:
executive summary
program goals and objectives

GRC stands for Governance, Resources and Compliance.
False; GRC stands for Governance, Risk management, and Compliance.
Outputs from System Characterization include:
All of the above (NIST SP 800-30 lists the outputs of this step as the system boundary, system functions, system and data criticality, and system and data sensitivity)
ERM stands for Enterprise Risk Management.
True
Planning Levels in order are:
Strategic, Tactical, Operational