What oversight should the information security team have in the change management process for application security?

• A.Development team should tell the information security team about any application security flaws
• B.Information security should be aware of all application changes and work with developers before changes are deployed in production
• C.Information security should be aware of any significant application security changes and work with developer to test for vulnerabilities before changes are deployed in production
• D.Information security should be informed of changes to applications only

Comment: *

Name: *

Email: *

Verification: *

Human resource planning for security professionals in your organization is a:

• A.Simple and easy task because the threats are getting easier to find and correct.
• B.Training requirement that is on-going and always changing.
• C.Training requirement that is met through once every year user training.
• D.Not needed because automation and anti-virus software has eliminated the threats.

Comment: *

Name: *

Email: *

Verification: *

Which represents PROPER separation of duties in the corporate environment?

• A.Information Security and Network teams perform two distinct functions
• B.Information Security and Identity Access Management teams perform two distinct functions
• C.Finance has access to Human Resources data
• D.Developers and Network teams both have admin rights on servers

Comment: *

Name: *

Email: *

Verification: *

One of the MAIN goals of a Business Continuity Plan is to

• A.Assign responsibilities to the technical teams responsible for the recovery of all data.
• B.Ensure all infrastructure and applications are available in the event of a disaster
• C.Allow all technical first-responders to understand their roles in the event of a disaster
• D.Provide step by step plans to recover business processes in the event of a disaster

Comment: *

Name: *

Email: *

Verification: *

Which of the following is a major benefit of applying risk levels?

• A.Risk appetite increase within the organization once the levels are understood
• B.Risk management governance becomes easier since most risks remain low once mitigated
• C.Resources are not wasted on risks that are already managed to an acceptable level
• D.Risk budgets are more easily managed due to fewer due to fewer identified risks as a result of using a methodology

Comment: *

Name: *

Email: *

Verification: *