Based on the information provided, which of the following situations presents the GREATEST information security risk for an organization with multiple, but small, domestic processing locations?

• A.Systems operation procedures are not enforced
• B.Change management procedures are poor
• C.Systems development is outsourced
• D.Systems capacity management is not performed

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach for an organization desiring to protect its intellectual property?

• A.Conduct awareness sessions on intellectual property policy
• B.Require all employees to sign a nondisclosure agreement
• C.Promptly remove all access when an employee leaves the organization
• D.Restrict access to a need-to-know basis

Comment: *

Name: *

Email: *

Verification: *

A review of a number of recent XT system rollouts identified a failure to incorporate security within planning, development and implementation. Which of the following is the MOST effective way to prevent a recurrence for future systems?

• A.Train and test system developers m secure coding practices.
• B.Implement security assessments throughout the systems development life cycle.
• C.Conduct regular security audits during system implementation stages.
• D.Require penetration tests before production implementation.

Comment: *

Name: *

Email: *

Verification: *

An organization plans to contract with an outside service provider to host its corporate web site. The MOST important concern for the information security manager is to ensure that:

• A.an audit of the service provider uncovers no significant weakness.
• B.the contract includes a nondisclosure agreement (NDA) to protect the organization's intellectual property.
• C.the contract should mandate that the service provider will comply with security policies.
• D.the third-party service provider conducts regular penetration testing.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the FIRST step in developing a business continuity plan (BCPY}?

• A.Determine available resources.
• B.Determine the business recovery strategy.
• C.Identify the applications with the shortest recovery time objectives (RTOs).
• D.Identify critical business processes.

Comment: *

Name: *

Email: *

Verification: *