Question 1. What is planning? How does an organization determine if planning is necessary?
Question 2. What are the three common levels of planning?
Question 3. Who are stakeholders? Why is it important to consider their views when planning?
Question 4. What is a values statement? What is a vision statement? What is a mission statement? Why are they important? What do they contain?
Question 5. What is strategy?
Question 6. What is InfoSec governance?
Question 7. What should a board of directors recommend as an organization's InfoSec objectives?
Question 8. What are the five basic outcomes that should be achieved through InfoSec governance?
Question 9. Describe top-down strategic planning. How does it differ from bottom-up strategic planning? Which is usually more effective in implementing security in a large, diverse organization?
Question 10. What is security convergence and why is it significant?
Question 11. What is joint application design?
Question 12. What is a systems development life cycle methodology?
Question 13. How does the SecSDLC differ from the more general SDLC?
Question 14. What is the primary objective of the SecSDLC? What are its major steps, and what are the major objectives of each step?
Question 15. What is a managerial control?
Question 16. What is an operational security control?
Question 17. What is a technical security control?
Question 18. What is a project champion?
Question 19. What is the difference between a CSO and a CISO?
Question 20. Why is maintenance needed for information security management systems?