An organization is concerned with the risk of information leakage caused by incorrect use of personally owned smart devices by employees. What is the BEST way for the information security manager to mitigate the associated risk?

• A.Require employees to sign a nondisclosure agreement
• B.implement a multi-factor authentication solution.
• C.Implement a mobile device management solution.
• D.Document a bong-your-own-device (BYOD) policy.

Comment: *

Name: *

Email: *

Verification: *

Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?

• A.Number of controls implemented
• B.Percent of control objectives accomplished
• C.Percent of compliance with the security policy
• D.Reduction in the number of reported security incidents

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?

• A.Continuous analysis, monitoring and feedback
• B.Continuous monitoring of the return on security investment (ROSD
• C.Continuous risk reduction
• D.Key risk indicator (KRD setup to security management processes

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY purpose of a periodic threat and risk assessment report to senior management is to communicate the:

• A.probability of future incidents.
• B.cost-benefit of security controls,
• C.status of the security posture.
• D.risk acceptance criteria

Comment: *

Name: *

Email: *

Verification: *

When an organization is using an automated tool to manage and house its business continuity plans, which of the following is the PRIMARY concern?

• A.Ensuring accessibility should a disaster occur
• B.Versioning control as plans are modified
• C.Broken hyperlinks to resources stored elsewhere
• D.Tracking changes in personnel and plan assets

Comment: *

Name: *

Email: *

Verification: *