Establishing which of the following is the BEST way of ensuring that the emergence of new risk is promptly identified?

• A.Incident monitoring activities
• B.Regular risk repotting
• C.Risk monitoring processes
• D.Change control procedures

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST supports the risk assessment process to determine critically of an asset?

• A.Business impact analysis (BIA)
• B.Residual risk analysis
• C.Vulnerability assessment
• D.Threat assessment

Comment: *

Name: *

Email: *

Verification: *

An organization recently implemented a data loss prevention (DLP) system. A senior business executive has complained that the system seriously impedes departmental effectiveness. What is the information security manager's BEST course of action?

• A.Perform a risk assessment.
• B.Change the DLP system.
• C.Request risk acceptance.
• D.Review alternative controls.

Comment: *

Name: *

Email: *

Verification: *

When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

• A.Create separate policies to address each regulation
• B.Develop policies that meet all mandated requirements
• C.Incorporate policy statements provided by regulators
• D.Develop a compliance risk assessment

Comment: *

Name: *

Email: *

Verification: *

The FIRST step in developing an information security management program is to:

• A.identify business risks that affect the organization.
• B.clarify organizational purpose for creating the program.
• C.assign responsibility for the program.
• D.assess adequacy of controls to mitigate business risks.

Comment: *

Name: *

Email: *

Verification: *