Which of the following is the MOST important consideration for designing an effective information security governance framework?

• A.Defined security metrics
• B.Continuous audit cycle
• C.Security policy provisions
• D.Security controls automation

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important in the development of metrics for the effectiveness of information security?

• A.Using qualitative risk assessment results
• B.Using standard reporting tools
• C.Using quantitative measurement
• D.Using clearly defined objectives

Comment: *

Name: *

Email: *

Verification: *

The MOST important success factor to design an effective IT security awareness program is to:

• A.customize the content to the target audience.
• B.ensure senior management is represented.
• C.ensure that all the staff is trained.
• D.avoid technical content but give concrete examples.

Comment: *

Name: *

Email: *

Verification: *

When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?

• A.Compliance with international security standards.
• B.Use of a two-factor authentication system.
• C.Existence of an alternate hot site in case of business disruption.
• D.Compliance with the organization's information security requirements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to consider when determining the effectiveness of the Information security governance program?

• A.Risk tolerance levels
• B.Maturity models
• C.Key performance indicators (KPIs)
• D.Key risk indicators (KRIs)

Comment: *

Name: *

Email: *

Verification: *