Question

Which of the following provides the MOST comprehensive understanding of an organization’s information security posture?

A. Risk management metrics
B. External audit findings
C. Results of vulnerability assessments
D. The organization’s security incident trends

Correct Answer: A ???? or D?????? or ...........

______________________

Note

■ Some good websites claim that the correct answer is A ("Risk management metrics").

■ Other good websites claim that the correct answer is D ("The organization’s security incident trends").

■ Why A and not D? Why D and not A?

Many thanks!

Homework Answers

Answer #1

Answer : A. Risk management metrics

Explanation :

  • Both Risk management metrics and The organisation’s security incident trends contain the data of previously occurred security incidents.
  • Risk management metrics are more comprehensive than The organisation’s security incident trends. Risk management metrics contain information like the total number of risks that are identified and the number of risks which occurred. They also contain the frequency of risks, the cost incurred for each risk and the status of the risk.
  • So, Risk management metrics are more comprehensive than The organisation’s security incident trends.