An organization licenses and uses personal information for business operations, and a server containing that information has been compromised. What kind of law would require notifying the owner or licensee of this incident?

• A.Security incident disclosure
• B.Consumer right disclosure
• C.Data breach disclosure
• D.Special circumstance disclosure

Comment: *

Name: *

Email: *

Verification: *

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims.
Which of the following vendor provided documents is BEST to make your decision:

• A.Vendor's client list of reputable organizations currently using their solution
• B.Vendor provided reference from an existing reputable client detailing their implementation
• C.Vendor provided internal risk assessment and security control documentation
• D.Vendor provided attestation of the detailed security controls from a reputable accounting firm

Comment: *

Name: *

Email: *

Verification: *

Which of the following activities is the MAIN purpose of the risk assessment process?

• A.Assigning value to each information asset
• B.Creating an inventory of information assets
• C.Classifying and organizing information assets into meaningful groups
• D.Calculating the risks to which assets are exposed in their current setting

Comment: *

Name: *

Email: *

Verification: *

With respect to the audit management process, management response serves what function?

• A.adding controls to ensure that proper oversight is achieved by management
• B.determining whether or not resources will be allocated to remediate a finding
• C.placing underperforming units on notice for failing to meet standards
• D.revealing the "root cause" of the process failure and mitigating for all internal and external units

Comment: *

Name: *

Email: *

Verification: *

As the CISO you need to write the IT security strategic plan. Which of the following is the MOST important to review before you start writing the plan?

• A.The existing IT environment.
• B.The present IT budget.
• C.The company business plan.
• D.Other corporate technology trends.

Comment: *

Name: *

Email: *

Verification: *