Which of the following is the MOST usable deliverable of an information security risk analysis?

• A.Business impact analysis (BIA) report
• B.List of action items to mitigate risk
• C.Assignment of risks to process owners
• D.Quantification of organizational risk

Comment: *

Name: *

Email: *

Verification: *

A newly hired information security manager discovers that the cleanup of accounts for terminated employees happens only once a year.
Which of the following should be the information security manager's FIRST course of action?

• A.Design and document a new process.
• B.Update the security policy.
• C.Perform a risk assessment.
• D.Report the issue to senior management.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the FIRST step required to achieve effective performance measurement?

• A.Validate and calibrate metrics.
• B.Define meaningful metrics.
• C.Select and place sensors.
• D.Implement control objectives.

Comment: *

Name: *

Email: *

Verification: *

Documented standards/procedures for the use of cryptography across the enterprise should PRIMARILY:

• A.define the circumstances where cryptography should be used.
• B.define cryp, Graphic algorithms and key lengths.
• C.describe handling procedures of cryptographic keys.
• D.establish the use of cryptographic solutions.

Comment: *

Name: *

Email: *

Verification: *

Planning for the implementation of an information security program is MOST effective when it:

• A.applies techno logy-driven solutions to Identified needs.
• B.applies gap analysts to current and future business plans
• C.uses risk-based analysis for security projects.
• D.uses decision trees to prioritize security projects

Comment: *

Name: *

Email: *

Verification: *