This chapter is from the book

2.7 Key Terms and Review Questions

Key Terms

After completing this chapter, you should be able to define the following terms:

  • architecture

  • C-level

  • chief executive officer (CEO)

  • chief information officer (CIO)

  • chief information security officer (CISO)

  • chief operating officer (COO)

  • chief privacy officer (CPO)

  • chief risk officer (CRO)

  • chief security officer (CSO)

  • enterprise architecture

  • enterprise risk management (ERM) committee

  • Federal Enterprise Architecture Framework (FEAF)

  • governance

  • information security architecture

  • information security governance

  • information security implementation/operations

  • information security steering (ISS) committee

  • information security management

  • information security strategic planning

  • information technology (IT)

  • IT strategic planning

  • RACI chart

  • security governance

  • security implementation/operations

  • security management

  • security program

  • stakeholder

  • strategic plan

Review Questions

Answers to the Review Questions can be found online in Appendix C, “Answers to Review Questions.” Go to informit.com/title/9780134772806.

  1. Briefly differentiate between information security governance and information security management.

  2. Explain how the three supplemental factors in Figure 2.1—internal incident and global vulnerability reports, standards and best practices, and user feedback—play interconnected roles in designing a security program.

  3. Differentiate between internal and external stakeholders from an information security point of view.

  4. What are the two key pillars on which IT strategy planning should ideally be based?

  5. What are the three categories of metrics for evaluating an organization’s security governance?

  6. What are the five roles within a security governing body structure defined in COBIT 5?

  7. Explain the acronym RACI in the context of information security policy.
