- Study guides, Class notes & Summaries

Q.No.1 Which of the following is MOST important for an organization that wants to reduce IT operational risk? A. Increasing senior management's understanding of IT operations B. Increasing the frequency of data backups C. Minimizing complexity of IT infrastructure D. Decentralizing IT infrastructure Q.No.2 Deviation from a mitigation action plan's completion date should be determined by which of the following? A. Benchmarking analysis with similar completed projects B. Change manag...

Confidentiality Protection from unauthorized access integrity Protection from unauthorized modification Availability protection from disruptions in access Cybersecurity the protection of information assets (digital assets) by addressing threats to information processed, stored, and transported by internetworked information systems NIST Functions to Protect Digital Assets IPDRR 1) Identify 2) Protect 3) Detect 4) Respond 5) Recover Nonrepudiation Def: ensuring that a message or other p...

Exam A QUESTION 1 IS management has decided to rewrite a legacy customer relations system using fourth-generation languages (4GLs). Which of the following risks is MOST often associated with system development using 4GLs? A. Inadequate screen/report design facilities B. Complex programming language subsets C. Lack of portability across operating systems D. Inability to perform data intensive operations Correct Answer: D Section: (none) Explanation Explanation/Reference: 4GLs are usu...

TABLE OF CONTENTS Introduction...................................................................................................................................................................3 Purpose of This Publication.........................................................................................................................................3 Audience...................................................................................................................................

Re-evaluation of ISACA Risk analysis According to De Haes et al. (2020), the use of COBIT implementation in IT governance plays a critical role in risk assessment. The method takes into consideration the probability as well as the direct impact of a threat to help people management make informed decisions. Roldán-Molina et al. (2017) state that proper assessment must incorporate all the potential risks individually. RISK EVENT PROBABILITY IMPACT OVERALL RISK RATING Laptop or mobile device wi...

Three common controls used to protect availablity. a) redundancy, backups and access control b. Encryption, file permissions and access controls. c. Access controls, logging and digital signatures. d. Hashes, logging and backups. - ANS - A. Redundancy, backups and access control Governance has several goals including: a. providing strategic direction b. ensuring that objectives are achieved c. verifying that organizational resources are being used appropriately d. directing and monitori...

Questions - correct answer Answers and Explanations Decisions regarding information security are best supported by - correct answer effective metrics effective metrics are essential to provide information needed to make decisions. Metrics are quantifiable entity that allows the measurement of the achievement of a process goal. A project manager is developing a developer portal and request that the security manager assign a public IP address so that it can be accessed by in house staff an...

Cybersecurity the "preservation of confidentiality, integrity and availability of information in the Cyberspace" Cyberspace the complex environment resulting from the interaction of people, software and services on the Internet by means of technology devices and networks connected to it, which does not exist in any physical form NIST Cybersecurity Framework Identify—Use organizational understanding to minimize risk to systems, assets, data and capabilities. Protect—Design safeguards...

Enterprises and their executives strive to: • Maintain quality information to support business decisions. • Generate business value from IT-enabled investments, i.e., achieve strategic goals and realise business benefits through effective and innovative use of IT. • Achieve operational excellence through reliable and efficient application of technology. • Maintain IT-related risk at an acceptable level. • Optimise the cost of IT services and technology. How can these benefits...