SCENARIO: A CISO has several two-factor authentication systems under review and
selects the one that is most sufficient and least costly. The implementation project planning is completed and the teams are ready to implement the solution. The CISO then discovers that the product it is not as scalable as originally thought and will not fit the organization's needs.
What is the MOST logical course of action the CISO should take?

• A.Continue with the project until the scalability issue is validated by others, such as an auditor or third party assessor
• B.Continue with the implementation and submit change requests to the vendor in order to ensure required functionality will be provided when needed
• C.Cancel the project if the business need was based on internal requirements versus regulatory compliance requirements
• D.Review the original solution set to determine if another system would fit the organization's risk appetite and budget regulatory compliance requirements

Comment: *

Name: *

Email: *

Verification: *

The process of creating a system which divides documents based on their security level to manage access to private data is known as

• A.security coding
• B.data security system
• C.privacy protection
• D.data classification

Comment: *

Name: *

Email: *

Verification: *

In defining a strategic security plan for an organization, what should a CISO first analyze?

• A.Set goals that are difficult to attain to drive more productivity
• B.Analyze the broader organizational strategic plan
• C.Reach out to a business similar to yours and ask for their plan
• D.Review business acquisitions for the past 3 years

Comment: *

Name: *

Email: *

Verification: *

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

• A.Bi-annually
• B.Quarterly
• C.Semi-annually
• D.Annually

Comment: *

Name: *

Email: *

Verification: *

SCENARIO: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.
The CISO has implemented remediation activities. Which of the following is the MOST logical next step?

• A.Validate the effectiveness of applied controls
• B.Validate security program resource requirements
• C.Report the audit findings and remediation status to business stake holders
• D.Review security procedures to determine if they need modified according to findings

Comment: *

Name: *

Email: *

Verification: *