When briefing senior management on the creation of a governance process, the MOST important aspect should be:
knowledge required to analyze each issue
information security metrics
linkage to business area objectives
baseline against which metrics are evaluated
Correct answer: C
Question 2
Which of the following should be determined while defining risk management strategies?
Organizational objectives and risk tolerance
Enterprise disaster recovery plans
Risk assessment criteria
IT architecture complexity
Correct answer: A
Question 3
A security manager regularly checks work areas after business hours for security violations; such as unsecured files or unattended computers with active sessions.
This activity BEST demonstrates what part of a security program?