Which of the following is not true of authorization creep?
Authorization creep is to access controls what scope creep is to software development. Which of the following is not true of authorization creep?
Which of the following should George use to calculate the company’s residual risk?
As his company’s CISO, George needs to demonstrate to the Board of Directors the necessity of a strong risk management program. Which of the following should George use to calculate the company’s residual risk?
How should the security manager secure the database?
Jill is establishing a companywide sales program that will require different user groups with different privileges to access information on a centralized database. How should the security manager secure the database?
Which of the following is not used to determine the value of an asset?
A number of factors should be considered when assigning values to assets. Which of the following is not used to determine the value of an asset?
Which of the following best describes masquerading?
There are several methods an intruder can use to gain access to company assets. Which of the following best describes masquerading?
The integrity of data is not related to which of the following?
What type of approach is her company taking to handle the risk posed by the system?
Sue has been tasked with implementing a number of security controls, including antivirus and antispam software, to protect the company’s e-mail system. What type of approach is her company taking to handle the risk posed by the system?
Which of the following is not included in a risk assessment?
Assigning data classification levels can help with all of the following except…
Assigning data classification levels can help with all of the following except:
Which of the following is not Jim’s responsibility as information owner?
As head of sales, Jim is the information owner for the sales department. Which of the following is not Jim’s responsibility as information owner?