Which of the following is MOST important in developing a security strategy?

• A.Creating a positive business security environment
• B.Understanding key business objectives
• C.Having a reporting line to senior management
• D.Allocating sufficient resources to information security

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST usable deliverable of an information security risk analysis?

• A.Business impact analysis (BIA) report
• B.List of action items to mitigate risk
• C.Assignment of risks to process owners
• D.Quantification of organizational risk

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY objective when establishing a new information security program?

• A.Optimizing resources
• B.Facilitating operational security
• C.Executing the security strategy
• D.Achieving regulatory compliance

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method for determining whether new risks exist in legacy applications?

• A.Regularly scheduled risk assessments
• B.Automated vulnerability scans
• C.Third-party penetration testing
• D.Frequent updates to the risk register

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method or technique to ensure the effective implementation of an information security program?

• A.Obtain the support of the board of directors.
• B.Improve the content of the information security awareness program.
• C.Improve the employees' knowledge of security policies.
• D.Implement logical access controls to the information systems.

Comment: *

Name: *

Email: *

Verification: *