When conducting a post-incident review, the benefit of collecting mean time to resolution (MTTR) data is the ability to:

• A.reduce the costs of future preventive controls.
• B.verify compliance with the service level agreement (SLA).
• C.learn of potential areas of improvement.
• D.provide metrics for reporting to senior management.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important requirement for setting up an information security infrastructure for a new system?

• A.Performing a business impact analysis (BIA)
• B.Considering personal information devices as pan of the security policy
• C.Initiating IT security training and familiarization
• D.Basing the information security infrastructure on risk assessment

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST effective in preventing the introduction of a code modification that may reduce the security of a critical business application?

• A.Patch management
• B.Change management
• C.Security metrics
• D.Version control

Comment: *

Name: *

Email: *

Verification: *

What should an information security manager do FIRST after a number of security gaps have been identified that need to be resolved?

• A.Prioritize responses based on likelihood and impact.
• B.Perform a cost-benefit analysis.
• C.Develop and implement incident response strategies.
• D.Consolidate overlapping controls.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is BEST used to determine the maturity of an information security program?

• A.Security budget allocation
• B.Organizational risk appetite
• C.Risk assessment results
• D.Security metrics

Comment: *

Name: *

Email: *

Verification: *