Information Security for Decision-makers Competency (Intermediate Level)

  • 20m
  • 20 questions
The Information Security for Decision-makers Competency (Intermediate Level) benchmark measures your field and managerial experience with information security issues and processes. A learner who scores high on this benchmark demonstrates an intermediate-level competency in information security and its practices. They can likely manage InfoSec teams but may still require additional training or oversight from a more knowledgeable InfoSec professional.

Topics covered

  • define business acumen and describe how it is a common trait found in good leaders
  • differentiate between types of security controls
  • identify potential security features and protective measures to optimize security
  • identify risks enabled by natural disasters, such as fires, tornados, and flooding
  • identify the importance of data classification
  • list common threats to IT systems and data, including hardware, software, malware, phishing, and human error
  • list potential security technology predictions to plan for in the future
  • name the key steps to consider when choosing a security vendor
  • outline common criminal threats to IT systems, such as hackers, staff, breaches, theft, and fraud
  • outline common responsibilities of a network security engineer, including ensuring hardware and software security and updating and patching resources
  • outline measures that can be put in place to minimize disruptions
  • outline the importance of performing an evaluation of security risks, threats, and vulnerabilities
  • provide an overview of incident response planning and how it can help organizations better respond to critical incidents
  • provide an overview of the stages of information security risk management (ISRM)
  • recognize common responsibilities of a penetration tester and describe their roles in information security
  • recognize how defense in depth is used to provide a layered approach to security
  • recognize the importance of gathering information and making ethical decisions
  • recognize the importance of having a structured process in place to identify, assess, and mitigate risk
  • recognize what security vendors are and list the common related services they offer
  • state how to identify risks to IT systems or information