Question

Which of the following provides the MOST comprehensive understanding of an organization’s information security posture?

A. Risk management metrics
B. External audit findings
C. Results of vulnerability assessments
D. The organization’s security incident trends

Correct Answer: A ???? or D?????? or ...........

______________________

Note

■ Some good websites claim that the correct answer is A ("Risk management metrics").

■ Other good websites claim that the correct answer is D ("The organization’s security incident trends").

■ Why A and not D? Why D and not A?

Many thanks!

Homework Answers

Answer #1

Answer: A. Risk management metrics

Explanation:

  • Both risk management metrics and the organisation’s security incident trends contain data on previously occurred security incidents.
  • Risk management metrics are more comprehensive than the organisation’s security incident trends. Risk management metrics contain information like the total number of risks that are identified and the number of risks which occurred. They also contain the frequency of risks, the cost incurred for each risk and the status of each risk.
  • So, risk management metrics are more comprehensive than the organisation’s security incident trends.