What role should the CISO play in properly scoping a PCI environment?

• A.Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
• B.Validate the business units' suggestions as to what should be included in the scoping process
• C.Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope
• D.Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment

Comment: *

Name: *

Email: *

Verification: *

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

• A.Security Incident Response
• B.Thought leadership
• C.Business continuity planning
• D.Change management

Comment: *

Name: *

Email: *

Verification: *

The process of identifying and classifying assets is typically included in the

• A.Disaster Recovery plan
• B.Business Impact Analysis
• C.Asset configuration management process
• D.Threat analysis process

Comment: *

Name: *

Email: *

Verification: *

Acceptable levels of information security risk tolerance in an organization should be determined by?

• A.Corporate compliance committee
• B.CEO and board of director
• C.Corporate legal counsel
• D.CISO with reference to the company goals

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important when dealing with an Information Security Steering committee:

• A.Be briefed about new trends and products at each meeting by a vendor.
• B.Review all past audit and compliance reports.
• C.Ensure that security policies and procedures have been vetted and approved.
• D.Include a mix of members from different departments and staff levels.

Comment: *

Name: *

Email: *

Verification: *