Documented standards/procedures for the use of cryptography across the enterprise should
PRIMARILY:

Which of the following is the MOST immediate consequence of failing to tune a newly installed
intrusion detection system (IDS) with the threshold set to a low value?

What is the MOST appropriate change management procedure for the handling of emergency

program changes?

Who is ultimately responsible for ensuring that information is categorized and that protective
measures are taken?

The PRIMARY focus of the change control process is to ensure that changes are:

An information security manager has been asked to develop a change control process. What is
the FIRST thing the information security manager should do?

A critical device is delivered with a single user and password that is required to be shared for
multiple users to access the device. An information security manager has been tasked with
ensuring all access to the device is authorized. Which of the following would be the MOST efficient
means to accomplish this?

Which of the following documents would be the BES T reference to determine whether access
control mechanisms are appropriate for a critical application?

Which of the following is the MOST important process that an information security manager needs
to negotiate with an outsource service provider?

Which resource is the MOST effective in preventing physical access tailgating/piggybacking?