When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?

• A.ITILv3
• B.PRINCE2
• C.ISO 27001
• D.ISO 27004

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST likely to be discretionary?

• A.Policies
• B.Standards
• C.Guidelines
• D.Procedures

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of their business models and processes?

• A.Need to better understand the risk associated with using PII data
• B.Fiduciary responsibility to safeguard credit card information
• C.Need to comply with breach disclosure laws
• D.Need to transfer the risk associated with hosting PII data

Comment: *

Name: *

Email: *

Verification: *

Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture.
What would be the BEST choice of security metrics to present to the BOD?

• A.Only critical and high vulnerabilities that impact important production servers
• B.All vulnerabilities that impact important production servers
• C.All vulnerabilities found on servers and desktops
• D.Only critical and high vulnerabilities on servers and desktops

Comment: *

Name: *

Email: *

Verification: *

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

• A.Identify information assets and the underlying systems.
• B.Identify and evaluate the existing controls.
• C.Identify and assess the risk assessment process used by management.
• D.Disclose the threats and impacts to management.

Comment: *

Name: *

Email: *

Verification: *