When reporting on the effectiveness of the information security program, which of the following is the BEST way lo demonstrate improvement m security performance?

• A.Present a penetration testing report conducted by a third party
• B.Provide a summary of security project return on investments (ROls) for the past year.
• C.Benchmark security metrics against industry standard
• D.Report the results of a security control self-assessment (CSA).

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an information security manager s MOST important consideration when conducting a physical security review of a potential outsourced data center?

• A.Environmental factors of the surrounding location
• B.Proximity to law enforcement
• C.Distance of the data center from the corporate office
• D.Availability of network circuit connections

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the BEST metric for the IT risk management process?

• A.Number of risk management action plans
• B.Percentage of critical assets with budgeted remedial
• C.Percentage of unresolved risk exposures
• D.Number of security incidents identified

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason for initiating a policy exception process is when:

• A.operations are too busy to comply.
• B.the risk is justified by the benefit.
• C.policy compliance would be difficult to enforce.
• D.users may initially be inconvenienced.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective solution for preventing individuals external to the organization from modifying sensitive information on a corporate database?

• A.Screened subnets
• B.Information classification policies and procedures
• C.Role-based access controls
• D.Intrusion detection system (IDS)

Comment: *

Name: *

Email: *

Verification: *