Which of the following should be determined while defin…
Which of the following should be determined while defining risk management strategies?
The MAIN reason for having the Information Security Ste…
The MAIN reason for having the Information Security Steering Committee review a new security controls
implementation plan is to ensure that:
What is the MAIN risk when there is no user management …
What is the MAIN risk when there is no user management representation on the Information Security Steering
Committee?
What is the MOST important factor in the successful imp…
What is the MOST important factor in the successful implementation of an enterprise wide information security
program?
Information security should be:
Information security should be:
What actions should the board take next?
An organization’s board of directors has learned of recent legislation requiring organizations within the industry
to enact specific safeguards to protect confidential customer information. What actions should the board take
next?
Who is responsible for ensuring that information is cat…
Who is responsible for ensuring that information is categorized and that specific protective measures are
taken?
Which of the following would be the BEST approach of th…
A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase
and new process for an organization. There is disagreement between the information security manager and the
business department manager who will own the process regarding the results and the assigned risk. Which of
the following would be the BEST approach of the information security manager?
When an organization is implementing an information sec…
When an organization is implementing an information security governance program, its board of directors
should be responsible for:
Which of the following is the BEST method or technique …
Which of the following is the BEST method or technique to ensure the effective implementation of an
information security program?