What should an organization do to ensure that they have a sound Business Continuity (BC) Plan?
A. Test every three years to ensure that things work as planned
B. Conduct periodic tabletop exercises to refine the BC plan
C. Outsource the creation and execution of the BC plan to a...
Ensuring that the actions of a set of people, applications and systems follow the organization’s rules is BEST described as:
A. Risk management
B. Security management
C. Mitigation management
D. Compliance management
Answer: D
You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the
A. Controlled mitigation effort
B. Risk impact comparison
C. Relative likelihood of event
D. Comparative threat analysis
Answer: C
What role should the CISO play in properly scoping a PCI environment?
A. Validate the business units’ suggestions as to what should be included in the scoping process
B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
C. Ensure internal scope validation is...
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than others and lacking in some important capabilities. The security officer has voiced concerns about sensitive data breaches but the decision is made to purchase. What does this selection indicate?
A. A high threat...
Risk appetite directly affects what part of a vulnerability management program?
A. Staff
B. Scope
C. Schedule
D. Scan tools
Answer: B
What is the relationship between information protection and regulatory compliance?
A. That all information in an organization must be protected equally.
B. The information required to be protected by regulatory mandate does not have to be identified in the organization's data classification policy.
C. That the protection of some information...
When dealing with a risk management process, asset classification is important because it will impact the overall:
A. Threat identification
B. Risk monitoring
C. Risk treatment
D. Risk tolerance
Answer: C
Which of the following is the MOST important benefit of an effective security governance process?
A. Reduction of liability and overall risk to the organization
B. Better vendor management
C. Reduction of security breaches
D. Senior management participation in the incident response process
Answer: A
The exposure factor of a threat to your organization is defined by?
A. Asset value times exposure factor
B. Annual rate of occurrence
C. Annual loss expectancy minus current cost of controls
D. Percentage of loss experienced due to a realized threat event
Answer: D