The PRIMARY purpose of asset valuation for the management of information security is to:

• A.determine the value of each asset
• B.eliminate the least significant assets.
• C.provide a basis for asset classification.
• D.prioritize risk management activities.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST critical when creating an incident response plan?

• A.Identifying what constitutes an incident
• B.Identifying vulnerable data assets
• C.Aligning with the risk assessment process
• D.Decumenting incident notification and escalation processes

Comment: *

Name: *

Email: *

Verification: *

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

• A.security metrics
• B.service level agreements (SLAs)
• C.risk-reporting methodologies
• D.security requirements for the process being outsourced

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST critical for prioritizing actions in a business continuity plan (BCP)?

• A.Risk assessment
• B.Business impact analysis (6IA)
• C.Asset classification
• D.Business process mapping

Comment: *

Name: *

Email: *

Verification: *

Which of the following has the PRIMARY responsibility of ensuring an organizations information security strategy supports business goals?

• A.Chief executive officer (CEO)
• B.Information security steering committee
• C.Audit committee
• D.Chief information security officer (CISO)

Comment: *

Name: *

Email: *

Verification: *