Which of the following represents the BEST method of ensuring security program alignment to business needs?

• A.Ensure security implementations include business unit testing and functional validation prior to production rollout
• B.Create a comprehensive security awareness program and provide success metrics to business units
• C.Ensure the organization has strong executive-level security representation through clear sponsorship or the creation of a CISO role
• D.Create security consortiums, such as strategic security planning groups, that include business unit participation

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides an audit framework?

• A.National Institute of Standards and Technology (NIST) SP 800-30
• B.International Organization Standard (ISO) 27002
• C.Control Objectives for IT (COBIT)
• D.Payment Card Industry-Data Security Standard (PCI-DSS)

Comment: *

Name: *

Email: *

Verification: *

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

• A.Cite corporate policy and insist on compliance with audit findings
• B.Cite compliance with laws, statutes, and regulations - explaining the financial implications for the company for non-compliance
• C.Draw from your experience and recount stories of how other companies have been compromised
• D.Understand the business and focus your efforts on enabling operations securely

Comment: *

Name: *

Email: *

Verification: *

An organization information security policy serves to___________________.

• A.define relationships with external law enforcement agencies
• B.establish acceptable systems and user behavior
• C.None
• D.define security configurations for systems
• E.establish budgetary input in order to meet compliance requirements

Comment: *

Name: *

Email: *

Verification: *

John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do.
What can John do in this instance?

• A.refer to the contract agreement for direction.
• B.Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
• C.Review the Request for proposal (RFP) for guidance.
• D.Withhold the vendor's payments until the issue is resolved.

Comment: *

Name: *

Email: *

Verification: *