The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:

• A.reduce risk management costs
• B.minimize loss from security incidents.
• C.meet regulatory compliance requirements.
• D.identify change m security exposures.

Comment: *

Name: *

Email: *

Verification: *

An information security manager is developing a business case for an investment in an information security control. The FIRST step should be to:

• A.research vendor pricing to show cost efficiency
• B.assess potential impact to the organization
• C.demonstrate increased productivity of security staff
• D.gain audit buy-in for the security control

Comment: *

Name: *

Email: *

Verification: *

When establishing an information security strategy, which of the following activities Is MOST helpful in Identifying critical areas to be protected?

• A.Conducting a risk assessment
• B.Performing vulnerability scans
• C.Establishing a baseline of network operations
• D.Adopting an information security framework

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY objective of incident classification?

• A.Complying with regulatory requirements
• B.Increasing response efficiency
• C.Enabling incident reporting
• D.Reducing escalations to management

Comment: *

Name: *

Email: *

Verification: *

Requiring all employees and contractors to meet personnel security/suitability requirements commensurate with their position sensitivity level and subject to personnel screening is an example of a security:

• A.policy.
• B.strategy.
• C.guideline
• D.baseline.

Comment: *

Name: *

Email: *

Verification: *