As a new CISO at a large healthcare company you are told that everyone has to badge in to get in the building. Below your office window you notice a door that is normally propped open during the day for groups of people to take breaks outside. Upon looking closer you see there is no badge reader. What should you do?

• A.Nothing, this falls outside your area of influence.
• B.Post a guard at the door to maintain physical security
• C.Close and chain the door shut and send a company-wide memo banning the practice.
• D.Have a risk assessment performed.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a weakness of an asset or group of assets that can be exploited by one or more threats?

• A.Threat
• B.Vulnerability
• C.Exploitation
• D.Attack vector

Comment: *

Name: *

Email: *

Verification: *

An employee successfully avoids becoming a victim of a sophisticated spear phishing attack due to knowledge gained through the corporate information security awareness program. What type of control has been effectively utilized?

• A.Technical Control
• B.Training Control
• C.Operational Control
• D.Management Control

Comment: *

Name: *

Email: *

Verification: *

The process for management approval of the security certification process which states the risks and mitigation of such risks of a given IT system is called___________________.

• A.Security system analysis
• B.Security certification
• C.Security accreditation
• D.Alignment with business practices

Comment: *

Name: *

Email: *

Verification: *

Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?

• A.Legal and Human Resources
• B.Budget and Compliance
• C.Audit and Legal
• D.Human Resources and Budget

Comment: *

Name: *

Email: *

Verification: *