A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?

• A.Suspend the connection to the application in the firewall
• B.Instruct the vendor to conduct penetration testing.
• C.Initiate the organization's incident response process.
• D.Report the situation to the business owner of the application.

Comment: *

Name: *

Email: *

Verification: *

Which of the following tools BEST demonstrates the effectiveness of the information security program?

• A.Key risk indicators (KRIs)
• B.Management satisfaction surveys
• C.Risk heat map
• D.A security balanced scorecard

Comment: *

Name: *

Email: *

Verification: *

In information security manager MUST have an understanding of the organization's business goals to:

• A.develop an information security strategy.
• B.define key performance indicators (KPIs).
• C.relate information security to change management.
• D.develop operational procedures.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST appropriate for collecting and preserving evidence?

• A.Encrypted hard drives
• B.Generic audit software
• C.Proven forensic processes
• D.Log correlation software

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way of ensuring that business units comply with an information security governance framework?

• A.Conducting a business impact analysis (BIA)
• B.Integrating security requirements with processes
• C.Conducting information security awareness training
• D.Performing security assessments and gap analyses

Comment: *

Name: *

Email: *

Verification: *