Which of the following should occur FIRST in the process of managing security risk associated with the transfer of data from unsupported legacy systems to supported systems?

• A.Make backups of the affected systems prior to transfer.
• B.Identify all information assets in the legacy environment.
• C.Assign owners to be responsible for the transfer of each asset.
• D.Increase cyber insurance coverage.

Comment: *

Name: *

Email: *

Verification: *

A root kit was used to capture detailed accounts receivable information. To ensure admissibility of evidence from a legal standpoint, once the incident was identified and the server isolated, the next step should be to:

• A.document how the attack occurred.
• B.notify law enforcement.
• C.take an image copy of the media.
• D.close the accounts receivable system.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be done FIRST when implementing a security program?

• A.Perform a risk analysis
• B.Implement data encryption.
• C.Create an information asset inventory.
• D.Determine the value of information assets.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST evidence that information security governance works as a business enabler?

• A.Security key performance indicators (KPIs) are included in management briefings.
• B.Business initiatives are within risk tolerance.
• C.Business initiatives are prioritized over security initiatives.
• D.Security initiatives have positive return on investment (ROI).

Comment: *

Name: *

Email: *

Verification: *

A common drawback of email software packages that provide native encryption of messages is that the encryption:

• A.has no key-recovery mechanism.
• B.has an insufficient key length.
• C.cannot interoperate across product domains.
• D.cannot encrypt attachments.

Comment: *

Name: *

Email: *

Verification: *