The MOST important characteristic of good security policies is that they:
A. state expectations of IT management.
B. state only one general security mandate.
C. are aligned with organizational goals.
D. govern the creation of procedures and guidelines.
Answer: C
Explanation: The most important characteristic of good security policies is...

An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:
A. ensure that security processes are consistent across the organization.
B. enforce baseline security levels across the organization.
C. ensure that security processes...

When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?
A. Business management
B. Operations manager
C. Information security manager
D. System users
Answer: C
Explanation: The escalation process in critical situations should involve the information security manager as...

Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
A. Ensure that all IT risks are identified
B. Evaluate the impact of information security risks
C. Demonstrate that IT mitigating controls are in place
D...

Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Answer:...

When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
A. Develop a security architecture
B. Establish good communication with steering committee members
C. Assemble an experienced staff
D. Benchmark peer organizations
Answer: B
Explanation: New information security managers should seek...

Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
A. Update platform-level security settings
B. Conduct disaster recovery test exercises
C. Approve access to critical financial systems
D. Develop an information security strategy paper
Answer: D
Explanation: Developing a strategy paper...

Which of the following is responsible for legal and regulatory liability?
A. Chief security officer (CSO)
B. Chief legal counsel (CLC)
C. Board and senior management
D. Information security steering group
Answer: C
Explanation: The board of directors and senior management are ultimately responsible for all that happens in the...

Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A. it implies compliance risks.
B. short-term impact cannot be determined.
C. it violates industry security practices.
D. changes in the roles matrix cannot be detected.

Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks.
B. evaluations in trade publications.
C. use of new and emerging technologies.
D. benefits in comparison to their costs.
Answer: A
Explanation: The most fundamental evaluation criterion for the appropriate selection of any...