Which of the following is the MOST important consideration when developing information security objectives?

• A.They are clear and can be understood by stakeholders.
• B.They are regularly reassessed and reported to stakeholders.
• C.They are identified using global security frameworks and standards.
• D.They are approved by the IT governance function.

Comment: *

Name: *

Email: *

Verification: *

A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:

• A.remain unchanged to avoid variations across the organization
• B.not deviate from industry best practice baselines.
• C.be updated to address emerging threats and vulnerabilities.
• D.be changed for different subsets of the systems to minimize impact,

Comment: *

Name: *

Email: *

Verification: *

The MOST important factor in ensuring the success of an information security program is effective:

• A.communication of information security requirements to all users in the organization.
• B.formulation of policies and procedures for information security.
• C.alignment with organizational goals and objectives.
• D.monitoring compliance with information security policies and procedures.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be determined while defining risk management strategies?

• A.Risk assessment criteria
• B.Organizational objectives and risk appetite
• C.IT architecture complexity
• D.Enterprise disaster recovery plans

Comment: *

Name: *

Email: *

Verification: *

When implementing a new risk assessment methodology, which of the following is the MOST important requirement?

• A.Risk assessments must be reviewed annually.
• B.The methodology used must be consistent across the organization.
• C.Risk assessments must be conducted by certified staff.
• D.The methodology must be approved by the chief executive officer.

Comment: *

Name: *

Email: *

Verification: *