Which of the following is MOST appropriate for inclusion in an information security strategy?
A. Business controls designated as key controls
B. Security processes, methods, tools and techniques
C. Firewall rule sets, network defaults and intrusion detection system (IDS) settings
D. Budget estimates to acquire specific security tools
Answer: B...

Who should drive the risk analysis for an organization?
A. Senior management
B. Security manager
C. Quality manager
D. Legal department
Answer: B
Explanation: Although senior management should support and sponsor a risk analysis, the know-how and the management of the project will be with the security department. Quality management...

At what stage of the applications development process should the security department initially become involved?
A. When requested
B. At testing
C. At programming
D. At detail requirements
Answer: D
Explanation: Information security has to be integrated into the requirements of the application's design. It should also be part of...

What immediate action should an information security manager take?
A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?
A. Enforce the existing security standard
B. Change the standard to permit the deployment
C. Perform a risk analysis...

A good privacy statement should include:
A. notification of liability on accuracy of information.
B. notification that information will be encrypted.
C. what the company will do with information it collects.
D. a description of the information classification process.
Answer: C
Explanation: Most privacy laws and regulations require disclosure on...

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
A. Examples of genuine incidents at similar organizations
B. Statement of generally accepted best practices
C. Associating realistic threats to corporate...

An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:
A. performance measurement.
B. integration.
C. alignment.
D. value delivery.
Answer: C
Explanation: Strategic alignment of security with business objectives is a key indicator of performance measurement. In guiding a security...

Which of the following is the MOST important information to include in a strategic plan for information security?
A. Information security staffing requirements
B. Current state and desired future state
C. IT capital investment requirements
D. Information security mission statement
Answer: B
Explanation: It is most important to paint a...

Which of the following requirements would have the lowest level of priority in information security?
A. Technical
B. Regulatory
C. Privacy
D. Business
Answer: A
Explanation: Information security priorities may, at times, override technical specifications, which then must be rewritten to conform to minimum security standards. Regulatory and privacy requirements...

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
A. baseline.
B. strategy.
C. procedure.
D. policy.
Answer: D
Explanation: A policy is a high-level statement of an organization's beliefs, goals, roles and...