When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?

An organization without any formal information security program that has decided to implement information security best practices should FIRST:

Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?

In an organization, information systems security is the responsibility of:

An information security manager uses security metrics to measure the:

Which of the following security mechanisms is MOST effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization’s network?

Which of the following BEST ensures that modifications made to in-house developed business applications do not introduce new security exposures?

Which of the following technologies is utilized to ensure that an individual connecting to a corporate internal network over the Internet is not an intruder masquerading as an authorized user?

Which of the following tools is MOST appropriate to assess whether information security governance objectives are being met?

The information classification scheme should: