( 36) An organization’ s security awareness program is an example of which type of security control?
( 37) Which of the following is a key measurement of an organization’ s risk appetite?
( 38) The core requirement of an automated IT security control library is that the information is ________.
( 39) Who is responsible for executing policies and procedures, such as backup and versioning?
( 40) Which IT framework extends the COBIT framework and is a comprehensive risk management approach?
( 41) In the financial services sector, the use of the“ three lines of defense” includes the business unit( BU), a risk management program, and ______________.
( 42) Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?