Security Governance

5 minutes 5 Questions

Security governance refers to the overall set of guidelines, policies, and processes through which an organization manages its information security program. It encompasses security strategy, risk management, compliance, incident response, and employee awareness. Security governance helps align secu…

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

The IT security team has detected suspicious activities on a company's intranet from an employee's computer. After conducting an investigation, it turns out the employee has been watching movies on unauthorized websites. To avoid similar incidents, what control should the company implement?

Establish an Acceptable Use Policy and enforce it through training and technology Install IP whitelisting on company computers Purchase legal streaming accounts for employees Require employees to sign a legally binding waiver

Correct Answer: Establish an Acceptable Use Policy and enforce it through training and technology

An Acceptable Use Policy (AUP) helps to communicate the company's expectations and guidelines, which can be enforced through training and technology. The other suggested controls do not focus on security governance and may not effectively address the issue.

Question 2

The board of directors wants to ensure that the company's new online payment platform adheres to proper security requirements. What should be the Information Security Officer's (ISO) role in this situation?

Develop the entire online payment platform Negotiate payment terms with clients Handle day-to-day operational activities Review and provide recommendations on the security controls

Correct Answer: Review and provide recommendations on the security controls

The ISO's role is to review security controls, provide recommendations, and make sure regulations and best practices are followed. Other suggested roles are not part of the ISO's core responsibilities in security governance.

Question 3

An organization wants to improve its response to security incidents. Which of the following actions should the organization implement?

Train IT staff in ethical hacking techniques Develop a formal Incident Response Plan (IRP) Upgrade their firewall system Migrate all internal services to an external cloud provider

Correct Answer: Develop a formal Incident Response Plan (IRP)

A formal Incident Response Plan (IRP) establishes a structured and organized approach to handling security incidents, reducing the impact and improving the overall response. The other options do not directly address incident response improvements and may have limited impact.

Join the Elite: Pass Your CISSP

4,400+ questions across all 8 CBK domains

Security Governance

Guide: Understanding Security Governance for CISSP

CISSP - Security Governance Example Questions

Question 1

Question 2

Question 3

Join the Elite: Pass Your CISSP