Question 66
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization. From an organizational perspective, which of the following is the LIKELY reason for this?
Question 67
Information security policies should be reviewed:
Question 68
The amount of risk an organization is willing to accept in pursuit of its mission is known as
Question 69
As the CISO for your company you are accountable for the protection of information resources commensurate with:
Question 70
An audit was conducted and many critical applications were found to have no disaster recovery plans in place.
You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application.
What should be the NEXT step?