Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?

• A.Meet legal requirements
• B.Meet regulatory compliance requirements
• C.Better understand strengths and weaknesses of the program
• D.Better understand the threats and vulnerabilities affecting the environment

Comment: *

Name: *

Email: *

Verification: *

Which of the following is critical in creating a security program aligned with an organization's goals?

• A.Provide clear communication of security program support requirements and audit schedules
• B.Create security awareness programs that include clear definition of security program goals and charters
• C.Develop a culture in which users, managers and IT professionals all make good decisions about information risk
• D.Ensure security budgets enable technical acquisition and resource allocation based on internal compliance requirements

Comment: *

Name: *

Email: *

Verification: *

A CISO decides to analyze the IT infrastructure to ensure security solutions adhere to the concepts of how hardware and software is implemented and managed within the organization. Which of the following principles does this best demonstrate?

• A.Alignment with the business
• B.Leveraging existing implementations
• C.Proper budget management
• D.Effective use of existing technologies

Comment: *

Name: *

Email: *

Verification: *

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims.
Which of the following vendor provided documents is BEST to make your decision:

• A.Vendor's client list of reputable organizations currently using their solution
• B.Vendor provided reference from an existing reputable client detailing their implementation
• C.Vendor provided attestation of the detailed security controls from a reputable accounting firm
• D.Vendor provided internal risk assessment and security control documentation

Comment: *

Name: *

Email: *

Verification: *

The ultimate goal of an IT security projects is:

• A.Support business requirements
• B.Increase stock value
• C.Implement information security policies
• D.Complete security

Comment: *

Name: *

Email: *

Verification: *