Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?

• A.Security practices not in alignment with ISO 27000 frameworks
• B.Ineffective security awareness program
• C.Lack of technical controls when dealing with credit card data
• D.Lack of compliance to the Payment Card Industry (PCI) standards

Comment: *

Name: *

Email: *

Verification: *

The ability to hold intruders accountable in a court of law is important. Which of the following activities are needed to ensure the highest possibility for successful prosecution?

• A.Establishing Enterprise-owned Botnets for preemptive attacks
• B.Well established and defined digital forensics process
• C.Collaboration with law enforcement
• D.Be able to retaliate under the framework of Active Defense

Comment: *

Name: *

Email: *

Verification: *

Which of the following are the triple constraints of project management?

• A.Time, quality, and scope
• B.Cost, quality, and time
• C.Scope, time, and cost
• D.Quality, scope, and cost

Comment: *

Name: *

Email: *

Verification: *

An organization's Information Security Policy is of MOST importance because

• A.it establishes a framework to protect confidential information
• B.it defines a process to meet compliance requirements
• C.it is formally acknowledged by all employees and vendors
• D.it communicates management's commitment to protecting information resources

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important for a CISO to understand when identifying threats?

• A.How the incident management team prepares to handle an attack
• B.How the firewall and other security devices are configured to prevent attacks
• C.How vulnerabilities can potentially be exploited in systems that impact the organization
• D.How the security operations team will behave to reported incidents

Comment: *

Name: *

Email: *

Verification: *