CISSP PRACTICE QUESTIONS – 20200118

Effective CISSP Questions

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. The software development team is developing a customer relationship management (CRM) system. You are drafting the privacy policy for customer data. Which of the following behaviors of the system would concern you most?
A. It shows the privacy policy with the opt-in option to consent
B. It provides an “unsubscribe” link to opt-out of receiving marketing emails
C. It constrains the customer from updating personal data to meet the use limitation principle
D. It allows customers to update their personal data online

CISSP PRACTICE QUESTIONS – 20200117

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. You are reviewing the applicable legal and regulatory requirements for compliance. Which of the following would concern you most?
A. Procurement staff issued a contract without minimum security requirements
B. The development team used an open-source component with an unknown source
C. Policies are published after a new law or regulation as a reactive response
D. Personal data is open for the data subject to update

CISSP PRACTICE QUESTIONS – 20200116

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. You are collaborating with auditors to facilitate auditing activities that verify compliance with the information security policy. Which of the following is least commonly adopted?
A. Employing the Delphi method
B. Interviewing senior management
C. Reviewing data backup policy
D. Sending questionnaires to the target group

Goal and Objective

Goals and Objectives

The terms “goal” and “objective” are often used interchangeably, but there are differences. A goal is a written statement of a desired outcome or future state; an objective is a specific result to be achieved. A goal is typically broken down into objectives.

KGI and KPI

Given a hierarchy of objectives, a goal is the upper-level objective (parent) relative to the lower-level objectives (children) broken down from it. A goal is measured by Key Goal Indicators (KGIs), while its subsidiary objectives are measured by Key Performance Indicators (KPIs). A KGI measures the outcome, while a KPI measures performance. A KGI at a lower level serves as a KPI for the parent KGI. The term KGI comes from COBIT, which distinguishes the KGI, a lagging indicator, from the KPI, a leading indicator. However, it is not uncommon for a KGI (the effect) to be called simply a KPI (the cause).

Performance Measurement

Success is the result of achieving a goal. Performance is a measurable result used to track progress toward an objective or goal.

Measure

A measure is a variable with “a standard unit used to express the size, amount, or degree of something” (Google Dictionary). In other words, a measure collects facts but is not associated with an objective or goal, whereas a metric is.

Measurement is the process of determining a value; the term also refers to the result of that process. Measurements are the values of a variable, i.e., instances of a measure.

Metric and Indicator

A metric is a quantitative measure that is associated with an objective or goal so that performance can be measured. An indicator is also a measure, but it can be either quantitative or qualitative.

CISSP PRACTICE QUESTIONS – 20200115

You are the CISO working for a direct bank based in Taiwan that relies entirely on internet banking. You developed an information security policy and put it into effect. Which of the following is the most effective way for you to enforce compliance with it?
A. Provide more training to improve awareness and skill levels
B. Conduct frequent audits to improve continuously
C. Develop standards, procedures, and guidelines to support the policy
D. Collaborate with the audit department

Strategic Thinking

[Figure: strategic planning]

Strategic thinking is the cognitive process of reasoning about the organization’s long-term development and growth. It starts with pondering the purpose and values of the organization and envisioning long-term success. The purpose and values are typically written in the mission statement.

A vision is the picture of success: a situation in which the purpose and values are satisfied. It is then described by a set of intended outcomes and broken down into strategic goals, which direct the development of the strategic plan, or strategy.

Strategy formulation is driven by analyzing the context of the organization (its external and internal environment) and the needs of its stakeholders.

It is common for organizations to merge the mission and vision into one statement, the mission or vision statement. Does the mission come before the vision, or the other way around? There is no agreement in academia. I hold the position that the mission goes first.