Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?

• A.Include security responsibilities in the job description
• B.Require the administrator to obtain security certification
• C.Train the system administrator on penetration testing and vulnerability assessment
• D.Train the system administrator on risk assessment

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST course of action for an information security manager to align security and business goals?

• A.Reviewing the business strategy
• B.Defining key performance indicators (KPIs)
• C.Conducting a business impact analysis (6IAJ
• D.Actively engaging with stakeholders

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY purpose of aligning information security with corporate governance objectives is to:

• A.re-align roles and responsibilities.
• B.identity an organization s tolerance for risk
• C.consistently manage significant areas of risk.
• D.build capabilities to improve security processes

Comment: *

Name: *

Email: *

Verification: *

When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

• A.Business management
• B.Operations manager
• C.Information security manager
• D.System users

Comment: *

Name: *

Email: *

Verification: *

When performing an information risk analysis, an information security manager should FIRST:

• A.establish the ownership of assets.
• B.evaluate the risks to the assets.
• C.take an asset inventory.
• D.categorize the assets.

Comment: *

Name: *

Email: *

Verification: *