CISM Certified Information Security Manager – Question 1417
In an organization, the responsibilities for IT security are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed. This represents which level of ranking in the information security governance maturity model?
A. Optimized
B. Managed
C. Defined
D. Repeatable
Correct Answer: B
Explanation: Boards of directors and executive management can use the information security governance maturity model to establish rankings for security in their organizations. The ranks are nonexistent, initial, repeatable, defined, managed and optimized. When the responsibilities for IT security in an organization are clearly assigned and enforced and an IT security risk and impact analysis is consistently performed, it is said to be ‘managed and measurable.’