A security manager has created a risk program. Which of the following is a critical part of ensuring the program is successful?

• A.Ensuring developers include risk control comments in code
• B.Allowing for the acceptance of risk for regulatory compliance requirements
• C.Providing a risk program governance structure
• D.Creating risk assessment templates based on specific threats

Comment: *

Name: *

Email: *

Verification: *

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process. Which of the following represents your BEST course of action?

• A.Validate that security awareness program content includes information about the potential vulnerability
• B.Send a report to executive peers and business unit owners detailing your suspicions
• C.Conduct a thorough risk assessment against the current implementation to determine system functions
• D.Determine program ownership to implement compensating controls

Comment: *

Name: *

Email: *

Verification: *

A missing/ineffective security control is identified. Which of the following should be the NEXT step?

• A.Establish Key Risk Indicators
• B.Perform a risk assessment to measure risk
• C.Perform an audit to measure the control formally
• D.Escalate the issue to the IT organization

Comment: *

Name: *

Email: *

Verification: *

Dataflow diagrams are used by IT auditors to:

• A.Graphically summarize data paths and storage processes.
• B.Order data hierarchically
• C.Highlight high-level data definitions
• D.Portray step-by-step details of data generation.

Comment: *

Name: *

Email: *

Verification: *

Which one of the following BEST describes which member of the management team is accountable for the day-to-day operation of the information security program?

• A.Security mangers
• B.Security administrators
• C.Security technicians
• D.Security analysts

Comment: *

Name: *

Email: *

Verification: *