Which Of These Best Defines Information Security Governance

Which of these best defines information security governance?

Standards may be published, scrutinized, and ratified by a group, as in formal or __________ standards.

The goals of information security governance include all but which of the following?

The actions taken by management to specify the short-term goals and objectives of the organization are ________.

The ______ is the high-level information security policy that sets the strategic direction, scope, and tone for all of an organization's security efforts.

In early 2014, in response to Executive Order 13636, NIST published the Cybersecurity Framework, which intends to allow organizations to _____________.

An information security _______ is a specification of a model to be followed during the design, selection, and initial and ongoing implementation of all subsequent security controls, including information security policies, security education, and training.

The stated purpose of ISO/IEC 27002:2013 is to give guidelines for organizational information security standards and information security __________ practices.

_____ controls address personnel security, physical security, and the protection of production inputs and outputs.

A detailed statement of what must be done to comply with management intent is known as a __________.

Nonmandatory recommendations the employee may use as a reference is known as a _______.

_________ is a strategy for the protection of information assets that uses multiple layers and different types of controls (managerial, operational, and technical) to provide optimal protection.

When ISO 17799 first came out, several countries, including the United States, Germany, and Japan, refused to adopt it, claiming that it had fundamental problems. Which of the following is NOT one of those problems?

____ controls cover security processes that are designed by strategic planners and implemented by the security administration of the organization.

Security ______ are the areas of trust within which users can freely communicate.

The actions taken by management to specify the intermediate goals and objectives of the organization are ____________.

_____ often function as standards or procedures to be used when configuring or maintaining systems.

The spheres of security are the foundation of the security framework and illustrate how information is under attack from a variety of sources, with far fewer protection layers between the information and potential attackers on the _______ side of the organization.

___________ is a strategy of suing multiple types of controls that prevent the failure of one system from compromising the security of informaiton.

SP 800-14, Generally Accepted Principles and Practices for Securing Information Technology Systems, provides best practices and security principles that can direct the security team in the development of a security ____.