Within an organization's vulnerability management program, who has the responsibility to implement remediation actions?

• A.Security officer
• B.Data owner
• C.Vulnerability engineer
• D.System administrator

Comment: *

Name: *

Email: *

Verification: *

What are the primary reasons for the development of a business case for a security project?

• A.To forecast usage and cost per software licensing
• B.To understand the attack vectors and attack sources
• C.To communicate risk and forecast resource needs
• D.To estimate risk and negate liability to the company

Comment: *

Name: *

Email: *

Verification: *

Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

• A.Security administrators
• B.Security technicians
• C.Security analysts
• D.Security managers

Comment: *

Name: *

Email: *

Verification: *

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees.
Which of the following can be used as a KPI?

• A.Number of callers who report a lack of customer service from the call center
• B.Number of successful social engineering attempts on the call center
• C.Number of callers who abandon the call before speaking with a representative
• D.Number of callers who report security issues.

Comment: *

Name: *

Email: *

Verification: *

According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?

• A.Define Information Security Policy
• B.Identify threats, risks, impacts and vulnerabilities
• C.Define the budget of the Information Security Management System
• D.Decide how to manage risk

Comment: *

Name: *

Email: *

Verification: *