Which of the following is the BEST reason to perform a business impact analysis (BIA)?

When implementing effective security governance within the requirements of the company’s security strategy,
which of the following is the MOST important factor to consider?

Which of the following should be determined while defining risk management strategies?

The MAIN reason for having the Information Security Steering Committee review a new security controls
implementation plan is to ensure that:

What is the MAIN risk when there is no user management representation on the Information Security Steering
Committee?

What is the MOST important factor in the successful implementation of an enterprise wide information security
program?

Information security should be:

An organization’s board of directors has learned of recent legislation requiring organizations within the industry
to enact specific safeguards to protect confidential customer information. What actions should the board take
next?

Who is responsible for ensuring that information is categorized and that specific protective measures are
taken?

A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase
and new process for an organization. There is disagreement between the information security manager and the
business department manager who will own the process regarding the results and the assigned risk. Which of
the following would be the BEST approach of the information security manager?