The regular review of a firewall ruleset is considered a

• A.Technical control
• B.Procedural control
• C.Organization control
• D.Management control

Comment: *

Name: *

Email: *

Verification: *

File Integrity Monitoring (FIM) is considered a

• A.Security detective control
• B.Software segmentation control
• C.Network based security preventative control
• D.User segmentation control

Comment: *

Name: *

Email: *

Verification: *

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

• A.Perform a risk assessment to measure risk
• B.Establish Key Risk Indicators
• C.Escalate the issue to the IT organization
• D.Perform an audit to measure the control formally

Comment: *

Name: *

Email: *

Verification: *

What oversight should the information security team have in the change management process for application security?

• A.Development team should tell the information security team about any application security flaws
• B.Information security should be aware of all application changes and work with developers before changes are deployed in production
• C.Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production
• D.Information security should be informed of changes to applications only

Comment: *

Name: *

Email: *

Verification: *

Which business stakeholder is accountable for the integrity of a new information system?

• A.Compliance Officer
• B.Board of directors
• C.CISO
• D.Project manager

Comment: *

Name: *

Email: *

Verification: *