A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

• A.Enforce the existing security standard
• B.Change the standard to permit the deployment
• C.Perform a risk analysis to quantify the risk
• D.Perform research to propose use of a better technology

Comment: *

Name: *

Email: *

Verification: *

What is the MOST appropriate change management procedure for the handling of emergency program changes?

• A.Formal documentation does not need to be completed before the change
• B.Business management approval must be obtained prior to the change
• C.Documentation is completed with approval soon after the change
• D.All changes must follow the same process

Comment: *

Name: *

Email: *

Verification: *

Which of the following stakeholders would provide the BEST guidance in aligning the information security strategy with organizational goals?

• A.Chief information officer (CIO)
• B.information security steering committee
• C.Board of directors
• D.Chief information security officer (CISO)

Comment: *

Name: *

Email: *

Verification: *

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST

• A.implement controls to mitigate the risk to an acceptable level
• B.assess the gap between current and acceptable level of risk
• C.recommend that management avoids the business activity
• D.transfer risk to a third party to avoid cost of impact

Comment: *

Name: *

Email: *

Verification: *

Security monitoring mechanisms should PRIMARILY:

• A.focus on business-critical information.
• B.assist owners to manage control risks.
• C.focus on detecting network intrusions.
• D.record all security violations.

Comment: *

Name: *

Email: *

Verification: *