
Which framework should be recommended for establishing a comprehensive information security management system in an organization?

Select one:
- CIA Triad
- ISO/IEC 27000
- NIST/NICE framework
- ISO OSI model



Solution

The ISO/IEC 27000 framework should be recommended for establishing a comprehensive information security management system in an organization. This is because it provides a set of standards that help organizations keep information assets secure. It includes a set of guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization. The standards are designed to help organizations manage the security of assets such as financial information, intellectual property, employee details, or information entrusted by third parties.


Similar Questions

Which one of the following industry standards describes a standard approach for setting up an information security management system?
- CIS
- ISO 27002
- OWASP
- ISO 27001

What is a foundational model that informs how organizations consider risk when setting up systems and security policies? (1 point)
- General Data Protection Regulation law (GDPR)
- Cybersecurity Framework (CSF)
- Confidentiality, integrity, and availability (CIA) triad
- Sensitive personally identifiable information (SPII)

Question 1 (1 point). What are some of the primary purposes of security frameworks? Select three answers.
- Safeguarding specific individuals
- Aligning security with business goals
- Managing organizational risks
- Protecting PII data

Question 2 (1 point). Which of the following are core components of security frameworks? Select two answers.
- Establishing regulatory compliance measures
- Implementing security processes
- Monitoring and communicating results
- Managing data requests

Question 3 (1 point). Fill in the blank: A security professional has been tasked with implementing strict password policies on workstations to reduce the risk of password theft. This is an example of _____.
- security teams
- hardware changes
- networking regulations
- security controls

Question 4 (1 point). You are helping your security team consider risk when setting up a new software system. Using the CIA triad, you focus on integrity, availability, and what else?
- Confidentiality
- Conformity
- Communication
- Consent

Question 5 (1 point). Fill in the blank: A key aspect of the CIA triad is ensuring that data is correct, _____, and reliable.
- centralized
- updated
- public
- authentic

Question 6 (1 point). Which of the following statements accurately describe the NIST CSF? Select all that apply.
- Security teams use it as a baseline to manage risk.
- Its purpose is to help manage cybersecurity risk.
- It consists of standards, guidelines, and best practices.
- It is only effective at managing long-term risk.

Question 7 (1 point). Fill in the blank: Some of the most dangerous threat actors are _____ because they often know where to find sensitive information, can access it, and may have malicious intent.
- past vendors
- dissatisfied customers
- disgruntled employees
- senior partners

Question 8 (1 point). A security professional overhears two employees discussing an exciting new product that has not been announced to the public. The security professional chooses to follow company guidelines with regard to confidentiality and does not share the information about the new product with friends. Which concept does this scenario describe?
- Preserving evidence
- Data encryption
- Security ethics
- Security controls

Question 9 (1 point). Fill in the blank: The ethical principle of _____ involves safeguarding a company database that contains sensitive information about employees.
- non-bias
- privacy protection
- honesty
- unrestricted access

Question 10 (1 point). Which ethical principle describes the rules that are recognized by a community and enforced by a governing entity?
- Guidelines
- Restrictions
- Protections
- Laws

Which of the following are core components of security frameworks? Select two answers. (1 point)
- Managing data requests
- Implementing security processes
- Establishing regulatory compliance measures
- Monitoring and communicating results

How do security frameworks enable security professionals to help mitigate risk? (1 point)
- They are used to establish guidelines for building security plans.
- They are used to refine elements of a core security model known as the CIA triad.
- They are used to establish laws that reduce a specific security risk.
- They are used to create unique physical characteristics to verify a person’s identity.
