An information security manager has been asked to identify potential threats to the organization's information.
Which of the following should be done FIRST'

• A.Develop a risk profile.
• B.Review cyber insurance coverage.
• C.Engage a third-parry consultant
• D.Select a governance framework.

Comment: *

Name: *

Email: *

Verification: *

From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

• A.Enhanced policy compliance
• B.Improved procedure flows
• C.Segregation of duties
• D.Better accountability

Comment: *

Name: *

Email: *

Verification: *

When personal information is transmitted across networks, there MUST be adequate controls over:

• A.change management.
• B.privacy protection.
• C.consent to data transfer.
• D.encryption devices.

Comment: *

Name: *

Email: *

Verification: *

An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?

• A.Conduct an impact analysis to quantify the associated risk
• B.Request risk acceptance from senior management.
• C.Submit the issue to the steering committee for escalation.
• D.Isolate the noncompliant system from the rest of the network.

Comment: *

Name: *

Email: *

Verification: *

Security policies should be aligned MOST closely with:

• A.industry' best practices.
• B.organizational needs.
• C.generally accepted standards.
• D.local laws and regulations.

Comment: *

Name: *

Email: *

Verification: *