Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

• A.ISO 27000 and Human resources best practices
• B.NIST and Privacy Regulations
• C.ISO 27000 and Payment Card Industry Data Security Standards
• D.NIST and data breach notification laws

Comment: *

Name: *

Email: *

Verification: *

The total cost of security controls should:

• A.Be equal to the value information resource being protected
• B.Should not matter, as long as the information resource is protected
• C.Be greater than the value of the information resource being protected
• D.Be less than the value of the information resource being protected

Comment: *

Name: *

Email: *

Verification: *

Which of the following tests is an IS auditor performing when a sample of programs is selected to determine if the source and object versions are the same?

• A.A substantive test of the program compiler controls
• B.A compliance test of the program compiler controls
• C.A substantive test of program library controls
• D.A compliance test of program library controls

Comment: *

Name: *

Email: *

Verification: *

Your penetration testing team installs an in-line hardware key logger onto one of your network machines. Which of the following is of major concern to the security organization?

• A.In-line hardware keyloggers are relatively inexpensive
• B.In-line hardware keyloggers are undetectable by software
• C.In-line hardware keyloggers don't comply to industry regulations
• D.In-line hardware keyloggers don't require physical access

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a benefit of information security governance?

• A.Reduction of the potential for civil and legal liability
• B.Questioning the trust in vendor relationships.
• C.Direct involvement of senior management in developing control processes
• D.Increasing the risk of decisions based on incomplete management information.

Comment: *

Name: *

Email: *

Verification: *