Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?

• A.To enforce security policy requirements
• B.To ensure audit and compliance requirements are met
• C.To maintain business asset inventories
• D.To ensure the availability of business operations

Comment: *

Name: *

Email: *

Verification: *

A risk has been formally accepted and documented. Which of the following is the MOST important action for an information security manager?

• A.Re-evaluate the organization's risk appetite
• B.Notify senior management and the board.
• C.Monitor the environment for changes
• D.Update risk tolerance levels.

Comment: *

Name: *

Email: *

Verification: *

The FIRST step in establishing a security governance program is to:

• A.conduct a risk assessment.
• B.conduct a workshop for all end users.
• C.prepare a security budget.
• D.obtain high-level sponsorship.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an example of a change to the external threat landscape?

• A.A commonly used encryption algorithm has been compromised.
• B.Industry security standards have been modified.
• C.The organization has been purchased by another entity.
• D.The information security program has been outsourced.

Comment: *

Name: *

Email: *

Verification: *

When outsourcing information security administration, it is important for an organization to include:

• A.contingency plans
• B.nondisclosure agreements (NDAs)
• C.service level agreements (SLAs)
• D.insurance requirements

Comment: *

Name: *

Email: *

Verification: *