Which of the following would best ensure success of information security governance within an organization?

Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations

Correct Answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.

Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?

  • A. Develop a business case for funding remediation efforts.
  • B. Advise senior management to accept the risk of noncompliance.
  • C. Notify legal and internal audit of the noncompliant legacy application.
  • D. Assess the consequences of noncompliance against the cost of remediation.

Correct Answer: D

Which of the following would be the best indicator of effective information security governance within an organization?

Answer: The steering committee approves security projects.

Which of the following requirements is the most important when developing information security governance?

The MOST basic requirement for an information security governance program is to: be aligned with the corporate business strategy. be based on a sound risk management approach.

Which of the following should be reviewed to ensure that security controls are effective?

Reviewing which of the following would BEST ensure that security controls are effective? The FIRST consideration when developing information security metrics is whether they: are meaningful to the recipient.

Which of the following factors is the most important for determining the success of an information security strategy?

The MOST important factor in ensuring the success of an information security program is effective: alignment with organizational goals and objectives.