Who in the organization determines access to information?

• A.Compliance officer
• B.Data Owner
• C.Information security officer
• D.Legal department

Comment: *

Name: *

Email: *

Verification: *

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:

• A.Easiest regulation or standard to implement
• B.Most complex standard to implement
• C.Recommendations of your Legal Staff
• D.Stricter regulation or standard

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a fundamental component of an audit record?

• A.Originating IP-Address
• B.Date and time of the event
• C.Failure of the event
• D.Authentication type

Comment: *

Name: *

Email: *

Verification: *

You are just hired as the new CISO and are being briefed on all the Information Security projects that your section has on going. You discover that most projects are behind schedule and over budget.
Using the best business practices for project management you determine that the project correctly aligns with the company goals and the scope of the project is correct. What is the NEXT step?

• A.Verify budget
• B.Verify constraints
• C.Verify resources
• D.Review time schedules

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST likely to be discretionary?

• A.Standards
• B.Policies
• C.Procedures
• D.Guidelines

Comment: *

Name: *

Email: *

Verification: *