Isaca Updated CRISC Exam Questions and Answers by lilianna

A maturity model is a framework that describes the stages or levels of development and improvement of a certain domain, such as a process, a function, or an organization. A maturity model is most useful to an organization when it provides a reference for progress, meaning that it helps the organization to assess its current state, identify its strengths and weaknesses, set its goals and objectives, and measure itsperformance and improvement over time. A maturity model can also help the organization to compare itself with best practices and standards, but benchmarking against other organizations is not its primary purpose. A maturity model can also help the organization to manage its risks, but defining a qualitative measure of risk or providingrisk metrics is not its main function. References = Risk and Information Systems Control Study Manual, Chapter 3, Section 3.3.2.1, p. 118-119

 The most effective way to promote organization-wide awareness of data security in response to an increase in regulatory penalties for data leakage is to require training on the data handling policy, as it educates the employees on the importance, requirements, and procedures of data protection, and enhances their knowledge and skills to prevent, detect, and respond to data leakage incidents. Enforcingsanctions for noncompliance with security procedures, conducting organization-wide phishing simulations, and requiring regular testing of the data breach response plan are not the most effective ways, as they are more related to the enforcement, evaluation, or improvement of the data security, respectively, rather than the promotion of the data security awareness. References = CRISC Review Manual, 7th Edition, page 155.