The Information Security Governance program MUST:
A. integrate with other organizational governance processes
B. support user choice for Bring Your Own Device (BYOD)
C. integrate with other organizational governance processes
D. show a return on investment for the organization
Answer: A

The alerting, monitoring and life-cycle management of security related events is typically handled by the
A. security threat and vulnerability management process
B. risk assessment process
C. risk management process
D. governance, risk, and compliance tools
Answer: A

Who in the organization determines access to information?
A. Legal department
B. Compliance officer
C. Data Owner
D. Information security officer
Answer: C

If your organization operates under a model of "assumption of breach", you should:
A. Protect all information resource assets equally
B. Establish active firewall monitoring protocols
C. Purchase insurance for your compliance liability
D. Focus your security efforts on high value assets
Answer: C

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?
A. The asset owner
B. The asset manager
C. The data custodian
D. The project manager
Answer: A

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?
A. Need to comply with breach disclosure laws
B. Need to transfer the risk associated with...

A method to transfer risk is to:
A. Implement redundancy
B. move operations to another region
C. purchase breach insurance
D. Alignment with business operations
Answer: C

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
A. Identify threats, risks, impacts and vulnerabilities
B. Decide how to manage risk
C. Define the budget of the Information Security Management System
D. Define Information Security Policy
Answer: D

A global health insurance company is concerned about protecting confidential information. Which of the following is of MOST concern to this organization?
A. Compliance to the Payment Card Industry (PCI) regulations.
B. Alignment with financial reporting regulations for each country where they operate.
C. Alignment with International Organization for Standardization...

What two methods are used to assess risk impact?
A. Cost and annual rate of expectance
B. Subjective and Objective
C. Qualitative and percent of loss realized
D. Quantitative and qualitative
Answer: D