A good privacy statement should include:

Information security policy enforcement is the responsibility of the:

The MOST basic requirement for an information security governance program is to:

While implementing information security governance an organization should FIRST:

Which of the following is responsible for legal and regulatory liability?

Reviewing which of the following would BEST ensure that security controls are effective?

An internal audit has identified major weaknesses over IT processing. Which of the following should an
information security manager use to BEST convey a sense of urgency to management?

From an information security manager perspective, what is the immediate benefit of clearly-defined roles and
responsibilities?

Which of the following BEST describes an information security manager’s role in a multidisciplinary team that
will address a new regulatory requirement regarding operational risk?

An information security manager at a global organization that is subject to regulation by multiple governmental
jurisdictions with differing requirements should: