Which of the following is of MOST concern to this organization?
A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?
A. Compliance with the Payment Card Industry (PCI) regulations.
B. Alignment with financial reporting regulations for each country where they operate.
C. Alignment with International Organization for Standardization...
Which of the following is considered the MOST effective tool against social engineering?
Which of the following is considered the MOST effective tool against social engineering?
A. Anti-phishing tools
B. Anti-malware tools
C. Effective Security Vulnerability Management Program
D. Effective Security awareness program
Answer: D
Which of the following risk strategy options have you engaged in?
You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation
Answer: C
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for
A. Confidentiality, Integrity and Availability
B. Assurance, Compliance and Availability
C. International...
Which of the following most commonly falls within the scope of an information security governance steering committee?
Which of the following most commonly falls within the scope of an information security governance steering committee?
A. Approving access to critical financial systems
B. Developing content for security awareness programs
C. Interviewing candidates for information security specialist positions
D. Vetting information security policies
Answer: D
The FIRST step in establishing a security governance program is to:
The FIRST step in establishing a security governance program is to:
A. Conduct a risk assessment.
B. Obtain senior level sponsorship.
C. Conduct a workshop for all end users.
D. Prepare a security budget.
Answer: B
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
A. Test every three years to ensure that things work as planned
B. Conduct periodic tabletop exercises to refine the BC plan
C. Outsource the creation and execution of the BC plan to a...
Which of the following should be determined while defining risk management strategies?
Which of the following should be determined while defining risk management strategies?
A. Organizational objectives and risk tolerance
B. Risk assessment criteria
C. IT architecture complexity
D. Enterprise disaster recovery plans
Answer: A
What kind of law would require notifying the owner or licensee of this incident?
An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?
A. Data breach disclosure
B. Consumer right disclosure
C. Security incident disclosure
D. Special circumstance disclosure
Answer: ...
An organization's information security policy serves to
An organization's information security policy serves to
A. establish budgetary input in order to meet compliance requirements
B. establish acceptable systems and user behavior
C. define security configurations for systems
D. define relationships with external law enforcement agencies
Answer: B