An organization without any formal information security program that has decided to implement
information security best practices should FIRST:

When considering the value of assets, which of the following would give the information security
manager the MOST objective basis for measurement of value delivery in information security
governance?

Which of the following would be the BEST metric for the IT risk management process?

Which of the following is a key area of the ISO 27001 framework?

The MAIN goal of an information security strategic plan is to:

Which of the following, using public key cryptography, ensures authentication, confidentiality and
nonrepudiation of a message?

The main mail server of a financial institution has been compromised at the superuser level; the
only way to ensure the system is secure would be to:

The IT function has declared that, when putting a new application into production, it is not
necessary to update the business impact analysis (BIA) because it does not produce modifications
in the business processes. The information security manager should:

A risk assessment study carried out by an organization noted that there is no segmentation of the
local area network (LAN). Network segmentation would reduce the potential impact of which of the
following?

The PRIMARY objective of an Internet usage policy is to prevent: