Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?

• A.Ensure security is involved in the procurement process.
• B.Communicate security policy with the third-party vender.
• C.Conduct an information security audit on the third-party vendor.
• D.Review the third-party contract with the organization s legal department.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important when deciding whether to build an alternate facility or subscribe to a third-party hot site?

• A.Cost to build a redundant processing facility and invocation
• B.Daily cost of losing critical systems and recovery time objectives (RTOs)
• C.Infrastructure complexity and system sensitivity
• D.Criticality results from the business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST assist an information security manager in measuring the existing level of development of security processes against their desired state?

• A.Security audit reports
• B.Balanced scorecard
• C.Capability maturity model (CMM)
• D.Systems and business security architecture

Comment: *

Name: *

Email: *

Verification: *

A new regulation has been announced that requires mandatory reporting of security incidents that affect personal client information. Which of the following should be the information security manager's FIRST course of action?

• A.Review the current security policy.
• B.Inform senior management of the new regulation.
• C.Update the security incident management process.
• D.Determine impact to the business.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should an information security manager do when a recent internal audit reveals a security risk is more severe than previously assessed?

• A.Update the risk register and notify the CISC
• B.Escalate the finding to the business owner and obtain a remediation plan.
• C.Validate the finding is legitimate and not a false positive.
• D.Review the remainder of the internal audit report.

Comment: *

Name: *

Email: *

Verification: *