The MOST important objective of monitoring key risk indicators (KRIs) related to information security is to:

• A.identify change in security exposures.
• B.meet regulatory compliance requirements.
• C.reduce risk management costs
• D.minimize loss from security incidents.

Comment: *

Name: *

Email: *

Verification: *

Which of the following practices is BEST to remove system access for contractors and other temporary users when it is no longer required?

• A.Log all account usage and send it to their manager
• B.Establish predetermined automatic expiration dates
• C.Require managers to e-mail security when the user leaves
• D.Ensure each individual has signed a security acknowledgement

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

• A.Ensure security is involved in the procurement process.
• B.Review the third-party contract with the organization s legal department.
• C.Communicate security policy with the third-party vender.
• D.Conduct an information security audit on the third-party vendor.

Comment: *

Name: *

Email: *

Verification: *

Which of the following features of a library control software package would protect against unauthorized updating of source code?

• A.Required approvals at each life cycle step
• B.Date and time stamping of source and object code
• C.Access controls for source libraries
• D.Release-to-release comparison of source code

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY reason for implementing a risk management program?

• A.Allows the organization to eliminate risk
• B.Is a necessary part of management's due diligence
• C.Satisfies audit and regulatory requirements
• D.Assists in incrementing the return on investment (ROD

Comment: *

Name: *

Email: *

Verification: *