ISA 3300 Chapter 3 Exam Questions With
Reviewed Correct Detailed Answers
stakeholder: - ANSWER✔✔-A person or organization that has a "stake" or vested
interest in a particular aspect of the planning or operation of the organization—in this
case, the information assets used in a particular organization.
The mission statement - ANSWER✔✔-explicitly declares the business of the organization and its intended areas of operations.
The vision statement - ANSWER✔✔-is an idealistic expression of what the organization
wants to become and works hand in glove with the mission statement. The vision
statement expresses where the organization wants to go, while the mission statement
describes how it wants to get there.
Values Statement - ANSWER✔✔-The trust and confidence of stakeholders and the
public are important factors for any organization. By establishing a formal set of
organizational principles and qualities
strategic planning: - ANSWER✔✔-The process of defining and specifying the long-term
direction (strategy) to be taken by an organization, and the allocation and acquisition of
resources needed to pursue this effort.
Tactical planning - ANSWER✔✔-has a more short-term focus than strategic planning—
usually one to three years. It breaks down each applicable strategic goal into a series of
incremental objectives. Each objective should be specific and ideally will have a
delivery date within a year.
Budgeting, resource allocation, and personnel are critical components of the -
ANSWER✔✔-tactical plan.
Managers and employees use ____________, which are derived from the tactical plans,
to organize the ongoing, day-to-day performance of tasks. - ANSWER✔✔-operational
plans
The first priority of the CISO and the InfoSec management team should be the structure
of a ____________. - ANSWER✔✔-strategic plan
governance: - ANSWER✔✔-The set of responsibilities and practices exercised by the
board and executive management with the goal of providing strategic direction,
ensuring that objectives are achieved, ascertaining that risks are managed
appropriately, and verifying that the enterprise's resources are used responsibly.
governance, risk management, and compliance (GRC): - ANSWER✔✔-An approach to
information security strategic guidance from a board of directors or senior management