In assessing the degree to which an organization may be affected by new privacy legislation, information secur
In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:
The MOST appropriate owner of customer data stored in a central database, used only by an organization’s
The MOST appropriate owner of customer data stored in a central database, used only by an organization’s sales department, would be the:
To determine the selection of controls required to meet business objectives, an information security manager s
To determine the selection of controls required to meet business objectives, an information security manager should:
Which of the following would be the MOST relevant factor when defining the information classification policy?
Which of the following would be the MOST relevant factor when defining the information classification policy?
The PRIMARY reason for initiating a policy exception process is when:
The PRIMARY reason for initiating a policy exception process is when:
When a significant security breach occurs, what should be reported FIRST to senior management?
When a significant security breach occurs, what should be reported FIRST to senior management?
The information security manager should recommend to business management that the risk be:
After a risk assessment, it is determined that the cost to mitigate the risk is much greater than the benefit to be derived. The information security manager should recommend to business management that the risk be:
Who is responsible for ensuring that information is classified?
Who is responsible for ensuring that information is classified?
What does a network vulnerability assessment intend to identify?
What does a network vulnerability assessment intend to identify?
One way to determine control effectiveness is by determining:
One way to determine control effectiveness is by determining: