A global retail organization is looking to implement a consistent Disaster Recovery and Business Continuity Process across all of its business units. Which of the following standards and guidelines can BEST address this organization's need?

• A.Information Technology Infrastructure Library (ITIL)
• B.Payment Card Industry Data Security Standards (PCI-DSS)
• C.International Organization for Standardizations - 27005 (ISO-27005)
• D.International Organization for Standardizations - 22301 (ISO-22301)

Comment: *

Name: *

Email: *

Verification: *

The process to evaluate the technical and non-technical security controls of an IT system to validate that a given design and implementation meet a specific set of security requirements is called

• A.Security system analysis
• B.Security accreditation
• C.Alignment with business practices and goals.
• D.Security certification

Comment: *

Name: *

Email: *

Verification: *

The single most important consideration to make when developing your security program, policies, and processes is:

• A.Establishing your authority as the Security Executive
• B.Alignment with the business
• C.Budgeting for unforeseen data compromises
• D.Streamlining for efficiency

Comment: *

Name: *

Email: *

Verification: *

Which of the following are not stakeholders of IT security projects?

• A.Help Desk
• B.Third party vendors
• C.CISO
• D.Board of directors

Comment: *

Name: *

Email: *

Verification: *

The executive board has requested that the CISO of an organization define and Key Performance Indicators (KPI) to measure the effectiveness of the security awareness program provided to call center employees.
Which of the following can be used as a KPI?

• A.Number of successful social engineering attempts on the call center
• B.Number of callers who abandon the call before speaking with a representative
• C.Number of callers who report a lack of customer service from the call center
• D.Number of callers who report security issues.

Comment: *

Name: *

Email: *

Verification: *