After undertaking a security assessment of a production system, the information security manager is MOST likely to:

• A.establish an overall security program that minimizes the residual risks of that production system
• B.inform the system owner of any residual risks and propose measures to reduce them.
• C.inform the development team of any residual risks and together formulate risk reduction measures.
• D.inform the IT manager of the residual risks and propose measures to reduce them.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:

• A.identifying vulnerabilities in the system.
• B.sustaining the organization's security posture.
• C.the existing systems that will be affected.
• D.complying with segregation of duties.

Comment: *

Name: *

Email: *

Verification: *

An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

• A.Require employees to sign a nondisclosure agreement (NDA).
• B.Implement a mobile device management (MDM) solution.
• C.Document a bring-your-own-device (BYOD) policy.
• D.Implement a multi-factor authentication (MFA) solution.

Comment: *

Name: *

Email: *

Verification: *

The MOST important function of a risk management program is to:

• A.quantify overall risk.
• B.minimize residual risk.
• C.eliminate inherent risk.
• D.maximize the sum of all annualized loss expectancies (ALEs).

Comment: *

Name: *

Email: *

Verification: *

Without prior approval, a training department enrolled the company in a free cloud-based collaboration site and invited employees to use it. Which of the following is the BEST response of the information security manager?

• A.Allow temporary use of the site and monitor for data leakage.
• B.Update the risk register and review the information security strategy.
• C.Report the activity to senior management.
• D.Conduct a risk assessment and develop an impact analysis.

Comment: *

Name: *

Email: *

Verification: *