After completing a full IT risk assessment, who can BEST decide which mitigating controls should be implemented?

• A.Senior management
• B.Business manager
• C.IT audit manager
• D.Information security officer (ISO)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method for determining whether new risks exist in legacy systems?

• A.Frequent updates to the risk register
• B.Regularly scheduled risk assessments
• C.Regularly scheduled security audits
• D.Frequent security architecture reviews

Comment: *

Name: *

Email: *

Verification: *

An organization that has outsourced its incident management capabilities just discovered a of the following is the MOST important action of the information security manager?

• A.Refer to the organization's response plan.
• B.Follow the outsourcer's response plan.
• C.Notify the outsourcer of the privacy breach.
• D.Alert the appropriate law enforcement authorities.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful when creating information security policies?

• A.The information security framework
• B.Business impact analysis (BIA)
• C.Information security metrics
• D.Risk assessment results

Comment: *

Name: *

Email: *

Verification: *

Measuring which of the following is the MOST accurate way to determine the alignment of an information security strategy with organizational goals?

• A.Number of blocked intrusion attempts
• B.Number of business cases reviewed by senior management
• C.Trends in the number of identified threats to the business
• D.Percentage of controls integrated into business processes

Comment: *

Name: *

Email: *

Verification: *