NPTEL Cyber Security and Privacy Week 3 Assignment Answers 2024
1. The process of defining and specifying the long-term direction to be taken by an organization, and the allocation and acquisition of resources needed to pursue this effort is known as:
- Governance
- Security Management
- Strategic Planning
- Objectives
Answer :-
2. Which of the following statements best describes the relationship between GRC (Governance, Risk, and Compliance) and cybersecurity?
- GRC focuses solely on cybersecurity management and overlooks other risk management initiatives.
- Cybersecurity is the primary focus of GRC, with minimal consideration for other risks.
- GRC integrates cybersecurity as one component within the broader framework of enterprise risk management (ERM).
- GRC is a standalone framework independent of cybersecurity and risk management.
Answer :-
3. A written document provided by management that informs employees and others in the workplace about proper behavior regarding the use of information and information assets is known as:
- Guidelines
- Information Security Policy
- De facto standard
- Practices
Answer :-
4. Which approach to cybersecurity management treats cybersecurity as a separate category distinct from other risks an organization may face, and focuses solely on cybersecurity, depending on the size and nature of the organization?
- Standard Driven Approach
- Organization Planning Approach
- GRC Framework
- Risk Management Framework
Answer :-
5. Benefits of implementing a GRC in an organization include:
- Responsible operations
- Data-driven decision-making
- Improved cybersecurity
- All of the above
Answer :-
6. What is the purpose of the COBIT maturity model?
- To assess an organization’s maturity in IT governance processes
- To rank organizations based on their financial performance
- To determine the efficiency of network infrastructure
- To evaluate employee satisfaction levels in the IT department
Answer :-
7. COSO’s ERM framework emphasizes:
- Operational efficiency
- Risk identification and assessment
- Regulatory compliance
- Human resource management
Answer :-
8. Which characteristic distinguishes the approaches of COBIT, COSO, and COSO-ERM from specific standards like ISO or NIST?
- They prioritize cybersecurity over other risk management aspects.
- They focus exclusively on small to medium-sized enterprises (SMEs).
- They operate at the enterprise level rather than focusing on specific standards.
- They are primarily developed by governmental regulatory bodies.
Answer :-
9. Why might some countries be hesitant to adopt the ISO 27001 model?
- It is a mandatory standard with strict compliance requirements.
- It is not recognized as a valid security framework by international organizations.
- There are concerns about the model’s overall effectiveness compared to existing approaches.
- It prioritizes specific security vendors or technologies.
Answer :-
10. Which of the following is not considered a principle or practice for securing IT systems?
- Implement layered security to ensure there is no single point of vulnerability.
- Do not implement unnecessary security mechanisms.
- Maximize the system elements to be trusted.
- Assume that external systems are insecure.
Answer :-