Which of the following provides an independent assessment of a vendor's internal security controls and overall posture?

• A.ISO27000 accreditation
• B.Financial statements
• C.Alignment with business goals
• D.PCI attestation of compliance

Comment: *

Name: *

Email: *

Verification: *

When considering using a vendor to help support your security devices remotely, what is the BEST choice for allowing access?

• A.Vendors uses their own laptop and logins with same admin credentials your security team uses
• B.Vendor uses a company supplied laptop and logins using two factor authentication wit same admin credentials your security team uses
• C.Vendor uses a company supplied laptop and logins using two factor authentication with their own unique credentials
• D.Vendor uses their own laptop and logins using two factor authentication with their own unique credentials

Comment: *

Name: *

Email: *

Verification: *

The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to_________________________.

• A.perform an independent audit of the security controls
• B.assign the responsibility to the information security team
• C.assign the responsibility to the team responsible for the management of the controls
• D.create operational reports on the effectiveness of the controls.

Comment: *

Name: *

Email: *

Verification: *

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

• A.Define formal roles and responsibilities for Information Security
• B.Define formal roles and responsibilities for Internal audit functions
• C.Create an executive security steering committee
• D.Contract a third party to perform a security risk assessment

Comment: *

Name: *

Email: *

Verification: *

An organization has decided to develop an in-house BCM capability. The organization has determined it is best to follow a BCM standard published by the International Organization for Standardization (ISO).
The BEST ISO standard to follow that outlines the complete lifecycle of BCM is?

• A.ISO 22301 BCM Requirements
• B.ISO 27031 BCM Readiness
• C.ISO 22317 BIA
• D.ISO 22318 Supply Chain Continuity

Comment: *

Name: *

Email: *

Verification: *