A risk assessment study carried out by an organization noted that there is no segmentation of the local area
network (LAN). Network segmentation would reduce the potential impact of which of the following?

The IT function has declared that, when putting a new application into production, it is not necessary to update
the business impact analysis (BIA) because it does not produce modifications in the business processes. The
information security manager should:

The main mail server of a financial institution has been compromised at the superuser level; the only way to
ensure the system is secure would be to:

Which of the following, using public key cryptography, ensures authentication, confidentiality and
nonrepudiation of a message?

The MAIN goal of an information security strategic plan is to:

Which of the following is a key area of the ISO 27001 framework?

Which of the following would be the BEST metric for the IT risk management process?

When considering the value of assets, which of the following would give the information security manager the
MOST objective basis for measurement of value delivery in information security governance?

An organization without any formal information security program that has decided to implement information
security best practices should FIRST:

In an organization, information systems security is the responsibility of: