What is the MOST important factor in the successful implementation of an enterprise wide information security program?

• A.Realistic budget estimates
• B.Security awareness
• C.Support of senior management
• D.Recalculation of the work factor

Comment: *

Name: *

Email: *

Verification: *

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

• A.details of expected security metrics.
• B.each party's security responsibilities.
• C.penalties for noncompliance with security policy.
• D.recovery time objectives (RTOs).

Comment: *

Name: *

Email: *

Verification: *

Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?

• A.User security procedures
• B.Business process flow
• C.IT security policy
• D.Regulatory requirements

Comment: *

Name: *

Email: *

Verification: *

Implementing a strong password policy is part of an organization's information security strategy for the year.
A business unit believes the strategy may adversely affect a client's adoption of a recently developed mobile application and has decided not to implement the policy.
Which of the following is the information security manager's BEST course of action?

• A.Analyze the risk and impact of not implementing the policy.
• B.Develop and implement a password policy for the mobile application.
• C.Escalate non-implementation of the policy to senior management.
• D.Benchmark with similar mobile applications to identify gaps.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?

• A.Patch management
• B.Change management
• C.Security metrics
• D.Version control

Comment: *

Name: *

Email: *

Verification: *