The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:

• A.Integrity and Availability
• B.International Compliance
• C.Confidentiality, Integrity and Availability
• D.Assurance, Compliance and Availability

Comment: *

Name: *

Email: *

Verification: *

Payment Card Industry (PCI) compliance requirements are based on what criteria?

• A.The types of cardholder data retained
• B.The number of transactions performed per year by an organization
• C.The size of the organization processing credit card data
• D.The duration card holder data is retained

Comment: *

Name: *

Email: *

Verification: *

Which of the following are not stakeholders of IT security projects?

• A.Board of directors
• B.CISO
• C.Third party vendors
• D.Help Desk

Comment: *

Name: *

Email: *

Verification: *

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

• A.Vendor's client list of reputable organizations currently using their solution
• B.Vendor provided reference from an existing reputable client detailing their implementation
• C.Vendor provided attestation of the detailed security controls from a reputable accounting firm
• D.Vendor provided internal risk assessment and security control documentation

Comment: *

Name: *

Email: *

Verification: *

The ultimate goal of an IT security projects is:

• A.Support business requirements
• B.Complete security
• C.Increase stock value
• D.Implement information security policies

Comment: *

Name: *

Email: *

Verification: *