The risk found after a control has been fully implemented is called:

• A.Total Risk
• B.Residual Risk
• C.Transferred risk
• D.Post implementation risk

Comment: *

Name: *

Email: *

Verification: *

You have been promoted to the CISO of a big-box retail store chain reporting to the Chief Information Officer (CIO). The CIO's first mandate to you is to develop a cybersecurity compliance framework that will meet all the store's compliance requirements.
Which of the following compliance standard is the MOST important to the organization?

• A.NIST Cybersecurity Framework
• B.The Federal Risk and Authorization Management Program (FedRAMP)
• C.Payment Card Industry (PCI) Data Security Standard (DSS)
• D.ISO 27002

Comment: *

Name: *

Email: *

Verification: *

Which of the following can the company implement in order to avoid this type of security issue in the future?

• A.A security training program for developers
• B.An audit management process
• C.A risk management process
• D.Network based intrusion detection systems

Comment: *

Name: *

Email: *

Verification: *

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

• A.Business continuity planning
• B.Change management
• C.Thought leadership
• D.Security Incident Response

Comment: *

Name: *

Email: *

Verification: *

When creating a vulnerability scan schedule, who is the MOST critical person to communicate with in order to ensure impact of the scan is minimized?

• A.The data custodian
• B.The asset owner
• C.The project manager
• D.The asset manager

Comment: *

Name: *

Email: *

Verification: *