Which of the following security activities should be im…
Which of the following security activities should be implemented in the change management process to identify
key vulnerabilities introduced by changes?
Which of the following should be carried out FIRST to m…
There is a time lag between the time when a security vulnerability is first published, and the time when a patch
is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?
Which of the following is the MAIN reason for performin…
Which of the following is the MAIN reason for performing risk assessment on a continuous basis’?
Risk assessment is MOST effective when performed:
Risk assessment is MOST effective when performed:
In assessing the degree to which an organization may be…
In assessing the degree to which an organization may be affected by new privacy legislation, information
security management should FIRST:
The MOST appropriate owner of customer data stored in a…
The MOST appropriate owner of customer data stored in a central database, used only by an organization’s
sales department, would be the:
prioritize the use of role-based access controls.
To determine the selection of controls required to meet business objectives, an information security manager
should:A. prioritize the use of role-based access controls.
Which of (lie following would be the MOST relevant fact…
Which of (lie following would be the MOST relevant factor when defining the information classification policy?
The PRIMARY reason for initiating a policy exception pr…
The PRIMARY reason for initiating a policy exception process is when:
what should be reported FIRST to senior management?
When a significant security breach occurs, what should be reported FIRST to senior management?