A risk management approach to information protection is:

• A.managing risks to an acceptable level, commensurate with goals and objectives.
• B.accepting the security posture provided by commercial security products.
• C.implementing a training program to educate individuals on information protection and risks.
• D.managing risk tools to ensure that they assess all information protection vulnerabilities.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the BEST way for a company 10 reduce the risk of data loss resulting from employee-owned devices accessing the corporate email system?

• A.Require employees to install a reputable mobile anti-virus solution on their personal devices.
• B.Use a mobile device management solution to isolate the local corporate email storage.
• C.Require employees to undergo training before permitting access to the corporate email service
• D.Link the bring-your-own-device (BYOD) policy to the existing staff disciplinary policy.

Comment: *

Name: *

Email: *

Verification: *

Deciding the level of protection a particular asset should be given in BEST determined by:

• A.a threat assessment.
• B.a vulnerability assessment.
• C.a risk analysis.
• D.the corporate risk appetite.

Comment: *

Name: *

Email: *

Verification: *

An organization's information security manager is performing a post-incident review of a security incident in which the following events occurred:
* A bad actor broke into a business-critical FTP server by brute forcing an administrative password
* The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
* The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
* After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate customers to fail Which of the following poses the GREATEST risk to the organization related to This event?

• A.Downtime of the service
• B.Disclosure of stolen data
• C.Removal of data
• D.Potential access to the administrator console

Comment: *

Name: *

Email: *

Verification: *

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

• A.security metrics
• B.service level agreements (SLAs)
• C.risk-reporting methodologies
• D.security requirements for the process being outsourced

Comment: *

Name: *

Email: *

Verification: *