An organization that has outsourced its incident management capabilities just discovered a significant privacy breach by an unknown attacker. Which of the following is the important action of the information security manager?

• A.Notify the outsourcer of the privacy breach.
• B.Refer to the organization's response plan.
• C.Follow the outsourcer's response plan.
• D.Alert the appropriate law enforcement authorities.

Comment: *

Name: *

Email: *

Verification: *

When an organization is implementing an information security governance program, its board of directors should be responsible for:

• A.drafting information security policies.
• B.reviewing training and awareness programs.
• C.setting the strategic direction of the program.
• D.auditing for compliance.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the KEY outcome of conducting a post-incident review?

• A.Compliance requirements are met.
• B.Root cause is validated.
• C.Risk appetite is validated.
• D.Chain of custody is maintained.

Comment: *

Name: *

Email: *

Verification: *

A policy has been established requiting users to install mobile device management (MDM) software on their personal devices Which of the following would BEST mitigate the risk created by noncompliance with this policy?

• A.Disabling remote access from the mobile device
• B.Requiring users to sign off on terms and conditions
• C.Issuing warnings and documenting noncompliance
• D.Issuing company-configured mobile devices

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful in gaining support for a business case for an information security initiative?

• A.Demonstrating organizational alignment
• B.Emphasizing threats to the organization
• C.Referencing control deficiencies
• D.Presenting a solution comparison matrix

Comment: *

Name: *

Email: *

Verification: *