Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Correct Answer: A
Explanation:
The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.
Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
- A. Develop a business case for funding remediation efforts.
- B. Advise senior management to accept the risk of noncompliance.
- C. Notify legal and internal audit of the noncompliant legacy application.
- D. Assess the consequences of noncompliance against the cost of remediation.
Correct Answer: D