After adopting an information security framework, an information security manager is working with senior management to change the organization-wide perception that information security is solely the responsibility of the information security department. To achieve this objective, what should be the information security manager's FIRST initiative?

• A.Document and publish the responsibilities of the information security department
• B.Implement a formal process to conduct periodic compliance reviews.
• C.Develop an information security awareness campaign with senior managements support.
• D.Develop an operational plan providing best practices for information security projects.

Comment: *

Name: *

Email: *

Verification: *

An information security manager is recommending an investment in a new security initiative to address recently published threats. Which of the following would be MOST important to include in the business case?

• A.Business impact if threats materialize
• B.Availability of unused funds in the security budget
• C.Threat information from reputable sources
• D.Alignment of the new initiative with the approved business strategy

Comment: *

Name: *

Email: *

Verification: *

An organization is considering moving one of its critical business applications to a cloud hosting service.
The cloud provider may not provide the same level of security for this application as the organization.
Which of the following will provide the BEST information to help maintain the security posture?

• A.Risk assessment
• B.Risk governance framework
• C.Vulnerability assessment
• D.Cloud security strategy

Comment: *

Name: *

Email: *

Verification: *

An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

• A.prepare properly vetted notifications regarding the incidents to external parties
• B.identify security program gaps or systemic weaknesses that need correction.
• C.document and report the root cause of the incidents for senior management
• D.identify who should be held accountable for the security incidents.

Comment: *

Name: *

Email: *

Verification: *

It is suspected that key emails have been viewed by unauthorized parties The email administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing. Which of the following is the BEST recommended course of action to senior management?

• A.Arrange for an independent review.
• B.Commence security training for staff at the organization.
• C.Rebuild the email application
• D.Restrict the distribution of confidential emails.

Comment: *

Name: *

Email: *

Verification: *