Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?
A. Security officer
B. Data owner
C. Vulnerability engineer
D. System administrator
Answer: D
When dealing with a risk management process, asset classification is important because it will impact the overall:
A. Threat identification
B. Risk monitoring
C. Risk treatment
D. Risk tolerance
Answer: C
With a focus on the review and approval aspects of board responsibilities, the Data Governance Council recommends that boards provide strategic oversight regarding information and information security, including these four things:
A. Metrics tracking security milestones, understanding criticality of information and information security, visibility into the types of information...
What is the MAIN reason for conflicts between Information Technology and Information Security programs?
A. Technology governance defines technology policies and standards while security governance does not.
B. Security governance defines technology best practices and Information Technology governance does not.
C. Technology Governance is focused on process risks whereas Security...
When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?
A. An independent Governance, Risk and Compliance organization
B. Alignment of security goals with business goals
C. Compliance with local privacy regulations
D. Support from Legal and...
What is the first thing that needs to be completed in order to create a security program for your organization?
A. Risk assessment
B. Security program budget
C. Business continuity plan
D. Compliance and regulatory analysis
Answer: A
The Information Security Management program MUST protect:
A. all organizational assets
B. critical business processes and/or revenue streams
C. intellectual property released into the public domain
D. against distributed denial of service attacks
Answer: B
Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?
A. Threat
B. Vulnerability
C. Attack vector
D. Exploitation
Answer: B
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
Answer: D
When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?
A. How many credit card records are stored?
B. How many servers do you have?
C. What is the scope of the...