Which of the following should be done FIRST when selecting performance metrics to report on the vendor risk management process?

• A.Identify the intended audience.
• B.Identify the data owner.
• C.Review the confidentiality requirements.
• D.Select the data source

Comment: *

Name: *

Email: *

Verification: *

An information security organization should PRIMARILY:

• A.support the business objectives of the company by providing security-related support services.
• B.be responsible for setting up and documenting the information security responsibilities of the information security team members.
• C.ensure that the information security policies of the company are in line with global best practices and standards.
• D.ensure that the information security expectations are conveyed to employees.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY advantage of having an established information security governance framework in place when an organization is adopting emerging technologies?

• A.An emerging technologies strategy is in place
• B.An effective security risk management process is established
• C.End user acceptance of emerging technologies is established
• D.A cost-benefit analysis process is easier to perform

Comment: *

Name: *

Email: *

Verification: *

Risk identification, analysis, and mitigation activities can BEST be integrated into business life cycle processes by linking them to:

• A.change management
• B.compliance testing
• C.continuity planning
• D.configuration management

Comment: *

Name: *

Email: *

Verification: *

After a server has been attacked, which of the following is the BEST course of action?

• A.Conduct a security audit
• B.Review vulnerability assessment
• C.Isolate the system
• D.Initiate incident response

Comment: *

Name: *

Email: *

Verification: *