After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be
derived. The information security manager should recommend to business management that the risk be:
Who is responsible for ensuring that information is classified?
What does a network vulnerability assessment intend to identify?
One way to determine control effectiveness is by determining:
Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor
authentication system?
An organization has to comply with recently published industry regulatory requirements — compliance that
potentially has high implementation costs. What should the information security manager do FIRST?
Which of the following would be the MOST important factor to be considered in the loss of mobile equipment
with unencrypted data?
The BEST strategy for risk management is to: A. achieve a balance between risk and organizational goals.
The MAIN reason why asset classification is important to a successful information security program is because
classification determines:
When performing a risk assessment, the MOST important consideration is that: