One of the MAIN goals of a Business Continuity Plan is to_______________.

• A.Ensure all infrastructure and applications are available in the event of a disaster
• B.Assign responsibilities to the technical teams responsible for the recovery of all data
• C.Allow all technical first-responders to understand their roles in the event of a disaster.
• D.Provide step by step plans to recover business processes in the event of a disaster

Comment: *

Name: *

Email: *

Verification: *

You are the Chief Information Security Officer of a large, multinational bank and you suspect there is a flaw in a two factor authentication token management process.
Which of the following represents your BEST course of action?

• A.Conduct a throughout risk assessment against the current implementation to determine system functions
• B.Send a report to executive peers and business unit owners detailing your suspicions
• C.Validate that security awareness program content includes information about the potential vulnerability
• D.Determine program ownership to implement compensating controls

Comment: *

Name: *

Email: *

Verification: *

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following would be the FIRST step when addressing Information Security formally and consistently in this organization?

• A.Contract a third party to perform a security risk assessment
• B.Define formal roles and responsibilities for Information Security
• C.Define formal roles and responsibilities for Internal audit functions
• D.create an executive security steering committee

Comment: *

Name: *

Email: *

Verification: *

A stakeholder is a person or group:

• A.That has budget authority.
• B.Vested in the success and/or failure of a project or initiative regardless of budget implications.
• C.That will ultimately use the system.
• D.Vested in the success and/or failure of a project or initiative and is tied to the project budget.

Comment: *

Name: *

Email: *

Verification: *

The ability to demand the implementation and management of security controls on third parties providing services to an organization is

• A.Security Governance
• B.Vendor management
• C.Compliance management
• D.Disaster recovery

Comment: *

Name: *

Email: *

Verification: *