Which of the following activities must be completed BEFORE you can calculate risk?

• A.Determining the likelihood that vulnerable systems will be attacked by specific threats
• B.Assessing the relative risk facing the organization's information assets
• C.Assigning a value to each information asset
• D.Calculating the risks to which assets are exposed in their current setting

Comment: *

Name: *

Email: *

Verification: *

A stakeholder is a person or group:

• A.Vested in the success and/or failure of a project or initiative regardless of budget implications.
• B.Vested in the success and/or failure of a project or initiative and is tied to the project budget.
• C.That has budget authority.
• D.That will ultimately use the system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following methodologies references the recommended industry standard that Information security project managers should follow?

• A.The Security Project And Management Methodology
• B.Project Management System Methodology
• C.Project Management Body of Knowledge
• D.The Security Systems Development Life Cycle

Comment: *

Name: *

Email: *

Verification: *

Why is it vitally important that senior management endorse a security policy?

• A.So that employees will follow the policy directives.
• B.So that external bodies will recognize the organizations commitment to security.
• C.So that they will accept ownership for security within the organization.
• D.So that they can be held legally accountable.

Comment: *

Name: *

Email: *

Verification: *

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?

• A.Adherence to local data breach notification laws
• B.Compliance to Payment Card Industry (PCI) data security standards
• C.International encryption restrictions
• D.Compliance with local government privacy laws

Comment: *

Name: *

Email: *

Verification: *