D. benefits in comparison to their costs.
The most fundamental evaluation criterion for the appropriate selection of any security
technology is its ability to reduce or eliminate business risks. Investments in security
technologies should be based on their overall value in relation to their cost; the value can be
demonstrated in terms of risk mitigation. This should take precedence over whether they use
new or exotic technologies or how they are evaluated in trade publications.
Which of the following are seldom changed in response to technological changes?
Policies are high-level statements of objectives. Because of their high-level nature and
statement of broad operating principles, they are less subject to periodic change. Security
standards and procedures as well as guidelines must be revised and updated based on the
impact of technology changes.
The MOST important factor in planning for the long-term retention of electronically stored
business records is to take into account potential changes in:
A. storage capacity and shelf life.
B. regulatory and legal requirements.
C. business strategy and direction.
D. application systems and media.
Long-term retention of business records may be severely impacted by changes in application
systems and media. For example, data stored in nonstandard formats that can only be read and
interpreted by previously decommissioned applications may be difficult, if not impossible, to
recover. Business strategy and direction do not generally apply, nor do legal and regulatory
requirements. Storage capacity and shelf life are important but secondary issues.
Which of the following is characteristic of decentralized information security management across
a geographically dispersed organization?
A. More uniformity in quality of service
B. Better adherence to policies