Management Questions and Answers
already passed 2025/2026
What's the goal of Security Management? - correct answer ✔To protect the proprietary and confidential
information of a company from being unintentionally altered by trusted individuals or intentionally
altered by unauthorized individuals.
What does Security Management include? - correct answer ✔Includes risk management, information
security policies, procedures, standards, guidelines, baselines, information classification, security
organization, and security education.
What are the objectives of security and a security program? - correct answer ✔To protect the company
and its assets. To provide availability, integrity, and confidentiality to data and resources.
Risk analysis - correct answer ✔What identifies a company's assets, discovers the threats that put them
at risk, and estimates the possible damage and potential loss a company could endure if any of these
threats were to become real.
Risk analysis - correct answer ✔What helps management construct a budget with the necessary funds
to protect the recognized assets from their identified threats and develop applicable security policies
that provide direction for security activities.
Security Management Process - correct answer ✔1. Assessment of risk and determination of needs.
2. Monitoring and evaluation of the systems and practices involved.
3. Promoting of awareness.
4. Implementation of policies and controls intended to address the risks and needs first defined.
Security management relies on properly identifying and valuing a company's assets, and then
implementing security policies, procedures, standards, and guidelines to provide integrity,
confidentiality, and availability for those assets.
Types of Control Measures - correct answer ✔1. Directive controls
2. Preventive controls
3. Detective controls
4. Corrective controls
5. Recovery controls
Directive controls - correct answer ✔These usually include company policies and guidelines that advise
employees of their expected behavior when interacting with the company's resources.
Some of the directive controls include legislation, authorized use policies, and anti-viral software
standards.
Preventive controls - correct answer ✔These controls prohibit actions that violate company policies or
that increase risk to system resources.
Examples of preventive controls include separation of duties and encryption of data.
Detective controls - correct answer ✔These controls use practices, processes, and tools to identify and
react to security violations. These controls include audit trails, integrity checks, and violation reports.
Corrective controls - correct answer ✔These controls involve measures designed to detect and rectify
an unwanted event, which helps in eliminating its recurrence.
An example of a corrective control is the frequent updating of anti-virus software.