A method to transfer risk is to______________.

• A.Move operations to another region
• B.Purchase breach insurance
• C.Implement redundancy
• D.Alignment with business operations

Comment: *

Name: *

Email: *

Verification: *

How often should the Statements of Standards for Attestation Engagements-16 (SSAE16)/International Standard on Assurance Engagements 3402 (ISAE3402) report of your vendors be reviewed?

• A.Annually
• B.Quarterly
• C.Bi-annually
• D.Semi-annually

Comment: *

Name: *

Email: *

Verification: *

Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates.
When multiple regulations or standards apply to your industry you should set controls to meet the:

• A.Easiest regulation or standard to implement
• B.Recommendations of your Legal Staff
• C.Most complex standard to implement
• D.Stricter regulation or standard

Comment: *

Name: *

Email: *

Verification: *

Scenario: You are the CISO and are required to brief the C-level executive team on your information security audit for the year. During your review of the audit findings you discover that many of the controls that were put in place the previous year to correct some of the findings are not performing as needed. You have thirty days until the briefing.
To formulate a remediation plan for the non-performing controls what other document do you need to review before adjusting the controls?

• A.Business Impact Analysis
• B.Business Continuity plan
• C.Security roadmap
• D.Annual report to shareholders

Comment: *

Name: *

Email: *

Verification: *

During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

• A.Identify information assets and the underlying systems.
• B.Identify and assess the risk assessment process used by management.
• C.Identify and evaluate the existing controls.
• D.Disclose the threats and impacts to management.

Comment: *

Name: *

Email: *

Verification: *