When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):

• A.The CISO should cut other essential programs to ensure the new solution's continued use
• B.Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
• C.Implement the solution and ask for the increased operating cost budget when it is time
• D.Defer selection until the market improves and cash flow is positive

Comment: *

Name: *

Email: *

Verification: *

An auditor is reviewing the security classifications for a group of assets and finds that many of the assets are not correctly classified.
What should the auditor's NEXT step be?

• A.Identify the owner of the asset and induce the owner to apply a proper classification
• B.Immediately notify the board of directors of the organization as to the finding
• C.Correct the classifications immediately based on the auditor's knowledge of the proper classification
• D.Document the missing classifications

Comment: *

Name: *

Email: *

Verification: *

Which of the following is considered a project versus a managed process?

• A.monitoring external and internal environment during incident response
• B.continuous vulnerability assessment and vulnerability repair
• C.ongoing risk assessments of routine operations
• D.installation of a new firewall system

Comment: *

Name: *

Email: *

Verification: *

Which of the following most commonly falls within the scope of an information security
governance steering committee?

• A.Interviewing candidates for information security specialist positions
• B.Vetting information security policies
• C.Developing content for security awareness programs
• D.Approving access to critical financial systems

Comment: *

Name: *

Email: *

Verification: *

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims. Which of the following vendor provided documents is BEST to make your decision:

• A.Vendor provided internal risk assessment and security control documentation
• B.Vendor provided attestation of the detailed security controls from a reputable accounting firm
• C.Vendor provided reference from an existing reputable client detailing their implementation
• D.Vendor's client list of reputable organizations currently using their solution

Comment: *

Name: *

Email: *

Verification: *