Which of the following is the MOST appropriate board-level activity for information security governance?

• A.Establish security and continuity ownership
• B.Develop "what-if" scenarios on incidents
• C.Establish measures for security baselines
• D.Include security in job-performance appraisals

Comment: *

Name: *

Email: *

Verification: *

A company is considering a new automated system that requires implementation of wireless devices for data capture. Even though wireless is not an approved technology, senior management has accepted the risk and approved a Proof-of-Concept (POC) to evaluate the technology and proposed solution. Which of the following is the information security manager's BEST course of action?

• A.Implement a wireless intrusion detection system (IDS).
• B.Sandbox the proposed solution.
• C.Provide personnel with wireless security training.
• D.Develop corporate wireless standards.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be triggered FIRST when unknown malware has infected an organization's critical system?

• A.Incident response plan
• B.Disaster recovery plan (DRP)
• C.Business continuity plan (BCP)
• D.Vulnerability management plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST enables an organization to maintain an appropriate security control environment?

• A.Periodic employee security training
• B.Monitoring of the threat landscape
• C.Budgetary support for security
• D.Alignment to an industry security framework

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach to reduce unnecessary duplication of compliance activities?

• A.Automation of controls
• B.Documentation of control procedures
• C.Integration of assurance efforts
• D.Standardization of compliance requirements

Comment: *

Name: *

Email: *

Verification: *