Question

Business units within an organization are resistant to proposed changes to the information security program. Which...

Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?

A. Implementing additional security awareness training
B. Communicating critical risk assessment results to business unit managers
C. Including business unit representation on the security steering committee
D. Publishing updated information security policies

Correct Answer: B?????? or C??????????

______________________

Note

■ Some experts claim that the correct answer is: "B. Communicating critical risk assessment results to business unit managers"

■ Other experts claim that the correct answer is: "C. Including business unit representation on the security steering committee"

■ What do you think about that? Please explains: Why B and not C......or.......Why C and not B

Many thanks!

Homework Answers

Answer #1

The business units within an oraganization are resistant to proposal changes to information security program, the best way to address this issue is Communicating critical risk assessment results to business unit managers, this is said as the information security changes lead to critical assessment to the bysness unit managers, as they have the responsibility of the information security program.

The Including business unit representation on the security steering committee is not suitable as the job role of business unit does not changes to security steering committee so the option suited is the Communicating critical risk assessment results to business unit managers, as here risk assemesnt after changing is a difficult task.

----------------------------------------------Please Upvote--------------------------------------------------------------------------------------

Know the answer?
Your Answer:

Post as a guest

Your Name:

What's your source?

Earn Coins

Coins can be redeemed for fabulous gifts.

Not the answer you're looking for?
Ask your own homework help question
Similar Questions
Which of the following is the BEST way to align security and business strategies? A. Include...
Which of the following is the BEST way to align security and business strategies? A. Include security risk as part of corporate risk management. B. Develop a balanced scorecard for security. C. Establish key performance indicators (KPIs) for business through security processes. D. Integrate information security governance into corporate governance. Correct Answer: C????? or D????? or B?????????? ______________________ Note ■ Some websites claim that the correct answer is C ("Establish key performance indicators (KPIs) for business through security processes"). Ultimately...
What is the MOST important consideration when establishing metrics for reporting to the information security strategy...
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee? A. Agreeing on baseline values for the metrics B. Developing a dashboard for communicating the metrics C. Providing real-time insight on the security posture of the organization D. Benchmarking the expected value of the metrics against industry standards Correct Answer: A???? or B??????   or C???????? ______________________ Note ■ Some good websites claim that the correct answer is A ("Agreeing on baseline values for...
To ensure the information security of outsourced IT services, which of the following is the MOST...
To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity? A. Review samples of service level reports from the service provider. B. Assess the level of security awareness of the service provider. C. Request that the service provider comply with information security policy. D. Review the security status of the service provider. Correct Answer: C?? or D???
Which of the following provides the MOST comprehensive understanding of an organization’s information security posture? A....
Which of the following provides the MOST comprehensive understanding of an organization’s information security posture? A. Risk management metrics B. External audit findings C. Results of vulnerability assessments D. The organization’s security incident trends Correct Answer: A ???? or D?????? or ........... ______________________ Note ■ Some good websites claim that the correct answer is A ("Risk management metrics"). ■ Others good websites claim that the correct answer is D ("The organization’s security incident trends"). ■ Why A and not D?...
Information classification is a fundamental step in determining: A. whether risk analysis objectives are met. B....
Information classification is a fundamental step in determining: A. whether risk analysis objectives are met. B. who has ownership of information. C. the type of metrics that should be captured. D. the security strategy that should be used. Correct Answer: B????? or D????????? ______________________ Note ■ Some experts claim that the correct answer is: "B. who has ownership of information." ■ Other experts claim that the correct answer is: "D. the security strategy that should be used." ■ What do...
Which of the following is the MOST important component of a risk profile? A. Risk management...
Which of the following is the MOST important component of a risk profile? A. Risk management framework B. Data classification results C. Penetration test results D. Risk assessment methodology Correct Answer: A????? or B???????? or D???????? ______________________ Note ■ Some good websites claim that the correct answer is: "A. Risk management framework". ■ Other good websites claim that the correct answer is "D. Risk assessment methodology". ■ From point of view, the best answer is: "B. Data classification results" ■...
Multiple Choice Questions 1. Which of the following main issues are included in the definition of...
Multiple Choice Questions 1. Which of the following main issues are included in the definition of accounting? a) recognizing, recording, classifying, and summarizing business transactions b) measuring, analyzing, processing, and interpreting operating results c) reporting and presenting the financial position d) all of the above 2. The American Accounting Association defines accounting to be: a) the process of measuring, analyzing, processing, interpreting result of operation, reporting and presenting financial Position b) the process of identifying, measuring and communicating economic information...
What is the answer to these Quastions? The performance effectiveness of employees is provided to them...
What is the answer to these Quastions? The performance effectiveness of employees is provided to them during the _______ process. a. Performance appraisal b. Achievement discrepancy c. Ability analysis d. Performance feedback e. a and d are correct From a(n)  ______________ standpoint, the effect on performance motivation may be limited in ownership program because of the less obvious link between pay and performance. a.   Agency theory b.   Equity theory c.   Efficiency wage theory d.   Reinforcement theory e.   Contract theory Prometheus Corp. is a large-scale manufacturer of...
1) Which of the following is not a valid way that a CRM system can collect...
1) Which of the following is not a valid way that a CRM system can collect information? A. accounting system B. order fulfillment system C. inventory system D. customer’s personal computer 2)Which of the following is a common marketing CRM metric? A. number of new prospective customers B. average number of service calls per day C. average time to resolution D. cost per interaction by marketing campaign 3)Which question below represents a CRM reporting technology example? A. Why did sales...
Using the model proposed by Lafley and Charan, analyze how Apigee was able to drive innovation....
Using the model proposed by Lafley and Charan, analyze how Apigee was able to drive innovation. case:    W17400 APIGEE: PEOPLE MANAGEMENT PRACTICES AND THE CHALLENGE OF GROWTH Ranjeet Nambudiri, S. Ramnarayan, and Catherine Xavier wrote this case solely to provide material for class discussion. The authors do not intend to illustrate either effective or ineffective handling of a managerial situation. The authors may have disguised certain names and other identifying information to protect confidentiality. This publication may not be...
ADVERTISEMENT
Need Online Homework Help?

Get Answers For Free
Most questions answered within 1 hours.

Ask a Question
ADVERTISEMENT