Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
The CISO has been able to implement a number of technical controls and is able to influence the Information Technology teams but has not been able to influence the rest of the organization.
From an organizational perspective, which of the following is the LIKELY reason for this?

• A.The CISO does not report directly to the CEO of the organization
• B.The CISO has not implemented a security awareness program
• C.The CISO has not implemented a policy management framework
• D.The CISO reports to the IT organization

Comment: *

Name: *

Email: *

Verification: *

An international organization is planning a project to implement encryption technologies to protect company confidential information. This organization has data centers on three continents.
Which of the following would be considered a MAJOR constraint for the project?

• A.Local customer privacy laws
• B.Encryption import/export regulations
• C.Time zone differences
• D.Compliance to local hiring laws

Comment: *

Name: *

Email: *

Verification: *

The total cost of security controls should:

• A.Be equal to the value of the information resource being protected
• B.Should not matter, as long as the information resource is protected
• C.Be greater than the value of the information resource being protected
• D.Be less than the value of the information resource being protected

Comment: *

Name: *

Email: *

Verification: *

The newly appointed CISO of an organization is reviewing the IT security strategic plan. Which of the following is the MOST important component of the strategic plan?

• A.There is integration between IT security and business staffing.
• B.There is a clear definition of the IT security mission and vision.
• C.There is an auditing methodology in place.
• D.The plan requires return on investment for all security projects.

Comment: *

Name: *

Email: *

Verification: *

During a cyber incident, which non-security personnel might be needed to assist the security team?

• A.CIO, CFO, CSO
• B.Financial analyst, payroll clerk, HR manager
• C.Threat analyst, IT auditor, forensic analyst
• D.Network engineer, help desk technician, system administrator

Comment: *

Name: *

Email: *

Verification: *