What is the role of the information security manager in finalizing contract negotiations with service providers?

• A.To update security standards for the outsourced process
• B.To obtain a security standard certification from the provider
• C.To ensure that clauses for periodic audits are included
• D.To perform a risk analysis on the outsourcing process

Comment: *

Name: *

Email: *

Verification: *

Which of the following documents would be the BES T reference to determine whether access control mechanisms are appropriate for a critical application?

• A.User security procedures
• B.Business process flow
• C.IT security policy
• D.Regulatory requirements

Comment: *

Name: *

Email: *

Verification: *

The MAIN benefit of implementing a data loss prevention (DLP) solution is to:

• A.enhance the organization's antivirus controls.
• B.eliminate the risk of data loss.
• C.complement the organization's detective controls.
• D.reduce the need for a security awareness program.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an information security manager's FIRST course of action when a newly introduced privacy regulation affects the business?

• A.Consult with IT staff and assess the risk based on their recommendations
• B.Update the security policy based on the regulatory requirements
• C.Propose relevant controls to ensure the business complies with the regulation
• D.Identify and assess the risk in the context of business objectives

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indicator that security awareness training has been effective?

• A.Employees sign to acknowledge the security policy
• B.More incidents are being reported
• C.A majority of employees have completed training
• D.No incidents have been reported in three months

Comment: *

Name: *

Email: *

Verification: *