When developing an incident response plan, the information security manager should:

• A.include response scenarios that have been approved previously by business management.
• B.allow IT to decide which systems can be removed from the infrastructure.
• C.require IT to invoke the business continuity plan.
• D.determine recovery time objectives (RTOs).

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective way to detect social engineering attacks?

• A.Implement real-time monitoring of security-related events.
• B.Encourage staff to report any suspicious activities.
• C.Provide incident management training to all start.
• D.Implement an acceptable use policy.

Comment: *

Name: *

Email: *

Verification: *

Noncompliance issues were identified through audit. Which of the following is the BEST approach for the information security manager to ensure that issues are resolved in a timely manner?

• A.Collaborate with the business process owner to implement mitigation controls.
• B.Develop a solution independently
• C.Escalate the noncompliance issues to senior management
• D.Perform a risk assessment.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an indicator of improvement in the ability to identify security risks?

• A.Increased number of reported security incidents
• B.Decreased number of staff requiring information security training
• C.Increased number of security audit issues resolved
• D.Decreased number of information security risk assessments

Comment: *

Name: *

Email: *

Verification: *

Effective information security policies should be PRIMARILY developed based on:

• A.the organization's risk profile.
• B.industry best practices.
• C.the cost of implementation,
• D.the ease of enforcement.

Comment: *

Name: *

Email: *

Verification: *