Question
The COSO framework is built on five interrelated components. Which of the following is NOT one of them?
a. Control environment
b. Control activities
c. Risk assessment
d. InfoSec Governance
Which type of access controls can be role-based or task-based?
a. content-dependent
b. nondiscretionary
c. discretionary
d. constrained
Which of the following is NOT a category of access control?
a. mitigating
b. compensating
c. preventative
d. deterrent
Which of the following is the primary purpose of ISO/IEC 27001:2005?
a. Use within an organization to formulate security requirements and objectives
b. Use within an organization to ensure compliance with laws and regulations
c. Implementation of business-enabling information security
d. To enable organizations that adopt it to obtain certification
Which of the following is NOT a change control principle of the Clark-Wilson model?
a. No unauthorized changes by authorized subjects
b. No changes by unauthorized subjects
c. No changes by authorized subjects without external validation
d. The maintenance of internal and external consistency
Explanation / Answer
If you have any problems with the answer or want me to edit the answer, just let me know in the comments and I will try to get on to it as soon as possible. Do give a positive rating if you think this answer helped.
1. The five components of the COSO framework are:
I. Control Environment
II. Risk Assessment
III. Control Activities
IV. Information and Communication
V. Monitoring Activities.
Hence InfoSec Governance is not a component of the COSO framework. Therefore the correct option is d. InfoSec Governance.
2. A nondiscretionary access control can be role-based or task-based. Hence the correct option is b. Nondiscretionary.
3. Compensating, preventative and deterrent are types of access controls. Hence the correct option is a. Mitigating.
4. The primary purpose of ISO/IEC 27001:2005 is to formulate security requirements and objectives within an organization. Hence the correct option is a. Use within an organization to formulate security requirements and objectives.
5. "No changes by authorized subjects without external validation" is not a change control principle of the Clark-Wilson model. Hence the correct option is c. No changes by authorized subjects without external validation.