During the course of a risk analysis your IT auditor identified threats and potential impacts. Next, your IT auditor should:

• A.Identify and evaluate the existing controls.
• B.Identify and assess the risk assessment process used by management.
• C.Identify information assets and the underlying systems.
• D.Disclose the threats and impacts to management.

Comment: *

Name: *

Email: *

Verification: *

A new CISO just started with a company and on the CISO's desk is the last complete Information Security Management audit report. The audit report is over two years old. After reading it, what should be the CISO's FIRST priority?

• A.Contract with an external audit company to conduct an unbiased audit
• B.Have internal audit conduct another audit to see what has changed.
• C.Review the recommendations and follow up to see if audit implemented the changes
• D.Meet with audit team to determine a timeline for corrections

Comment: *

Name: *

Email: *

Verification: *

A recommended method to document the respective roles of groups and individuals for a given process is to:

• A.Develop an isolinear response matrix with cost benefit analysis projections
• B.Develop a detailed internal organization chart
• C.Develop a telephone call tree for emergency response
• D.Develop a Responsible, Accountable, Consulted, Informed (RACI) chart

Comment: *

Name: *

Email: *

Verification: *

Bob waits near a secured door, holding a box. He waits until an employee walks up to the secured door and uses the special card in order to access the restricted area of the target company. Just as the employee opens the door, Bob walks up to the employee (still holding the box) and asks the employee to hold the door open so that he can enter. What is the best way to undermine the social engineering activity of tailgating?

• A.Issue special cards to access secure doors at the company and provide a one-time only brief description of use of the special card
• B.Post a sign that states, "no tailgating" next to the special card reader adjacent to the secure door
• C.Setup a mock video camera next to the special card reader adjacent to the secure door
• D.Educate and enforce physical security policies of the company to all the employees on a regular basis

Comment: *

Name: *

Email: *

Verification: *

The effectiveness of an audit is measured by?

• A.How the recommendations directly support the goals of the company
• B.The number of actionable items in the recommendations
• C.The number of security controls the company has in use
• D.How it exposes the risk tolerance of the company

Comment: *

Name: *

Email: *

Verification: *