( 36 ) An organization ’ s security awareness program is an example of which type of security control ?
( 37 ) Which of the following is a key measurement of an organization ’ s risk appetite ?
( 38 ) The core requirement of an automated IT security control library is that the information is ________.
( 39 ) Who is responsible for executing policies and procedures , such as backup and versioning ?
( 40 ) Which IT framework extends the COBIT framework and is a comprehensive risk management approach ?
( 41 ) In the financial services sector , the use of the “ three lines of defense ” includes the business unit ( BU ), a risk management program , and ______________.
( 42 ) Which security policy framework focuses on concepts , practices , and processes for managing and delivering IT services ?