CHAPTER 13 ASSESSMENT

1. What is a policy?

A. An overall statement of information security scope and direction

B. A minimum threshold of information security controls that must be implemented

C. A checklist of steps that must be completed to ensure information security

D. A technology-dependent statement of best practices

E. Recommended actions and operational guides

2. What is information security governance?

3. What type of policy would an organization use to forbid its employees from using organizational email for personal use?

A. Privacy policy

B. Intellectual property policy

C. Anti-harassment policy

D. Acceptable use policy

E. Monitoring policy

4. What is software piracy?

A. Unauthorized copying of software

B. Unauthorized distribution of software

C. Unauthorized use of software properly purchased by an organization

D. All of these are correct.

E. None of these is correct.

5. What is information security management?

6. Employer monitoring of employee electronic communications can be a normal term of employment if advance notice is given.

A. True

B. False

7. What is a standard?

8. Which law states requirements for federal agency information security governance?

A. FISMA

B. FERPA

C. HIPAA

D. GLBA

E. FIPPS

9. A guideline is a list of mandatory activities that must be completed to achieve an information security goal.

A. True

B. False

10. Which role is usually the most senior information technology official in an organization?

A. CFO

B. CISO

C. CTO

D. CIO

E. None of these is correct.

11. What is a procedure?

12. Which management layer has overall responsibility for information security governance?

A. CIO

B. CISO

C. Board of directors

D. Employees

E. Information security managers

13. What is the final step in the policy development process?

A. Maintenance and review

B. Management approval

C. Continued awareness activities

D. Communication to employees

E. Stakeholder review

14. What factors drive data retention policies?

A. Legal requirements

B. Business need for information

C. Historical need for information

D. Storage space requirements

E. All of these are correct.

15. What is a valid reason for allowing an information security policy exception?

A. The cost of implementing security policy is too high.

B. The cost of compliance with the policy is more than the cost of noncompliance.

C. It is not technically feasible to implement the policy.

D. End users believe that the policy makes their work harder.

E. It is too difficult to implement the policy.
