When a significant security breach occurs, what should be reported FIRST to senior
management?

The PRIMARY reason for initiating a policy exception process is when:

Which of (lie following would be the MOST relevant factor when defining the information
classification policy?

To determine the selection of controls required to meet business objectives, an information
security manager should:

The MOST appropriate owner of customer data stored in a central database, used only by an
organization’s sales department, would be the:

In assessing the degree to which an organization may be affected by new privacy legislation,
information security management should FIRST:

Risk assessment is MOST effective when performed:

Which of the following is the MAIN reason for performing risk assessment on a continuous basis’?

There is a time lag between the time when a security vulnerability is first published, and the time
when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk
during this time period?

Which of the following security activities should be implemented in the change management
process to identify key vulnerabilities introduced by changes?