IT Examiner School eBook
Review Question 2
What type of control includes the use of policies and procedures to implement an information security program?
A. Administrative
B. Technical
C. Physical
Governance Review
The "CISO"
• Designated by (and reports to) the Board or senior management
• Responsible for C-I-A (confidentiality, integrity, availability)
• A risk manager, not an IT resource
• Reporting structure designed to prevent conflicts of interest

IT/Cyber Steering Committee
• Assists in the oversight of the Program
• Liaises between Management, IT, and InfoSec
• Assists in integrating risk activities into the decision-making process
• Oversees compliance activities

The Board & Executive Management
• Provide oversight
• Provide funding and support
• Ensure testing
• Prioritize business functions
• "Sign off" on policies, risk assessments/acceptance, and other organizational documents