MIS 579 Quiz-MC-Chapter 03 part 2.docx

School: University of Illinois, Springfield


Course: 579
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 3

Uploaded by ChancellorSalmon3605

Question 6 (1 pts)

The basic outcomes of InfoSec governance should include all but which of the following?

  • Value delivery by optimizing InfoSec investments in support of organizational objectives
  • Performance measurement by measuring, monitoring, and reporting information security governance metrics to ensure that organizational objectives are achieved
  • Time management by aligning resources with personnel schedules and organizational objectives
  • Resource management by utilizing information security knowledge and infrastructure efficiently and effectively

The basic outcomes of InfoSec governance should not include "Time management by aligning resources with personnel schedules and organizational objectives." Time management, in the context of information security governance, is more related to project management and scheduling, whereas the other options listed are more directly related to the key outcomes of information security governance, such as value delivery, performance measurement, and resource management.

Question 7 (1 pts)

Internal and external stakeholders, such as customers, suppliers, or employees who interact with information in support of their organization’s planning and operations, are known as ____________.

  • data owners
  • data custodians
  • data users
  • data generators

Internal and external stakeholders who interact with information in support of their organization's planning and operations are typically referred to as "data users." Data users are individuals or entities that rely on data and information to carry out their roles and responsibilities within an organization, and they may include customers, suppliers, employees, and other parties who require access to data for various purposes.

Question 8 (1 pts)

The National Association of Corporate Directors (NACD) recommends four essential practices for boards of directors. Which of the following is NOT one of these recommended practices?

  • Hold regular meetings with the CIO to discuss tactical InfoSec planning.
  • Assign InfoSec to a key committee and ensure adequate support for that committee.
  • Ensure the effectiveness of the corporation’s InfoSec policy through review and approval.
  • Identify InfoSec leaders, hold them accountable, and ensure support for them.

"Hold regular meetings with the CIO to discuss tactical InfoSec planning" is NOT one of the recommended practices by the National Association of Corporate Directors (NACD). While it is important for boards of directors to have oversight and involvement in information security (InfoSec), the NACD's essential practices are more focused on governance, policy approval, leadership accountability, and ensuring support for InfoSec leaders. Tactical planning and regular meetings with the Chief Information Officer (CIO) are typically operational activities that would be carried out by the organization's management and IT team, rather than directly by the board of directors.

Question 9 (1 pts)

Which of the following should be included in an InfoSec governance program?

  • An InfoSec maintenance methodology
  • An InfoSec risk management methodology
  • An InfoSec project management assessment
  • All of these are components of the InfoSec governance program.