Which of the following represents the BEST reason for an organization to use the Control Objectives for Information and Related Technology (COBIT) as an Information Technology (IT) framework?

• A.Information Security (IS) procedures often require augmentation with other standards
• B.Implementation of it eases an organization's auditing and compliance burden
• C.It allows executives to more effectively monitor IT implementation costs
• D.It provides for a consistent and repeatable staffing model for technology organizations

Comment: *

Name: *

Email: *

Verification: *

What is the BEST reason for having a formal request for proposal process?

• A.Informs suppliers a company is going to make a purchase
• B.Clearly identifies risks and benefits before funding is spent
• C.Creates a timeline for purchasing and budgeting
• D.Allows small companies to compete with larger companies

Comment: *

Name: *

Email: *

Verification: *

An organization information security policy serves to

• A.establish acceptable systems and user behavior
• B.define security configurations for systems
• C.define relationships with external law enforcement agencies
• D.establish budgetary input in order to meet compliance requirements

Comment: *

Name: *

Email: *

Verification: *

A system was hardened at the Operating System level and placed into the production environment. Months later an audit was performed and it identified insecure configuration different from the original hardened state. Which of the following security issues is the MOST likely reason leading to the audit findings?

• A.Lack of change management processes
• B.Lack of proper access controls
• C.Lack of asset management processes
• D.Lack of hardening standards

Comment: *

Name: *

Email: *

Verification: *

Which of the following represents the BEST method of ensuring security program alignment to business needs?

• A.Create a comprehensive security awareness program and provide success metrics to business units
• B.Create security consortiums, such as strategic security planning groups, that include business unit participation
• C.Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role
• D.Ensure security implementations include business unit testing and functional validation prior to production rollout

Comment: *

Name: *

Email: *

Verification: *