Which of the following should be defined FIRST when creating an organization's information security strategy?
A. Budget
B. Policies and processes
C. Objectives
D. Organizational structures
Answer: C
Which of the following is MOST likely to result from a properly conducted post-incident review?
A. Breach information is provided to the organization's key stakeholders and users.
B. The cause of the incident is discovered and remediated.
C. Forensic evidence is reviewed and provided to law enforcement.
D. The incident...
Which of the following would BEST justify spending for a compensating control?
A. Risk analysis
B. Vulnerability analysis
C. Threats analysis
D. Peer benchmarking
Answer: C
Before final acceptance of residual risk, what is the BEST way for an information security manager to address risk factors determined to be lower than acceptable risk levels?
A. Implement more stringent countermeasures.
B. Evaluate whether an excessive level of control is being applied.
C. Ask senior management to increase...
The PRIMARY purpose of vulnerability assessments is to:
A. provide clear evidence that the system is sufficiently secure.
B. test intrusion detection systems (IDS) and response procedures.
C. detect deficiencies that could lead to a system compromise.
D. determine the impact of potential threats.
Answer: C
Which of the following is a PRIMARY security responsibility of an information owner?
A. Testing information classification controls
B. Determining the controls associated with information classification
C. Maintaining the integrity of data in the information system
D. Deciding what level of classification the information requires
Answer: D
The success of a computer forensic investigation depends on the concept of:
A. chain of evidence.
B. chain of attack.
C. forensic chain.
D. evidence of attack.
Answer: A
Which of the following processes would BEST help to ensure that information security risks will be evaluated when implementing a new payroll system?
A. Change management
B. Problem management
C. Configuration management
D. Incident management
Answer: A
A company has purchased a rival organization and is looking to integrate security strategies. Which of the following is the GREATEST issue to consider?
A. The organizations have different risk appetites
B. Differing security skills within the organizations
C. Confidential information could be leaked
D. Differing security technologies
Answer: D
A third-party contract signed by a business unit manager failed to specify information security requirements. Which of the following is the BEST way for an information security manager to prevent this situation from reoccurring?
A. Inform business unit management of the information security requirements.
B. Provide information security training to...