John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they've already completed the project work they were contracted to do.
What can John do in this instance?

• A.Withhold the vendor's payments until the issue is resolved.
• B.refer to the contract agreement for direction.
• C.Refer the vendor to the Service Level Agreement (SLA) and insist that they make the changes.
• D.Review the Request for proposal (RFP) for guidance.

Comment: *

Name: *

Email: *

Verification: *

One of the MAIN goals of a Business Continuity Plan is to

• A.Assign responsibilities to the technical teams responsible for the recovery of all data.
• B.Provide step by step plans to recover business processes in the event of a disaster
• C.Ensure all infrastructure and applications are available in the event of a disaster
• D.Allow all technical first-responders to understand their roles in the event of a disaster

Comment: *

Name: *

Email: *

Verification: *

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?

• A.Create a risk metrics for all unmitigated risks
• B.Get approval from the board of directors
• C.Screen potential vendor solutions
• D.Verify that the cost of mitigation is less than the risk

Comment: *

Name: *

Email: *

Verification: *

The Information Security Governance program MUST:

• A.integrate with other organizational governance processes
• B.show a return on investment for the organization
• C.integrate with other organizational governance processes
• D.support user choice for Bring Your Own Device (BYOD)

Comment: *

Name: *

Email: *

Verification: *

Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?

• A.NIST and Privacy Regulations
• B.ISO 27000 and Human resources best practices
• C.NIST and data breach notification laws
• D.ISO 27000 and Payment Card Industry Data Security Standards

Comment: *

Name: *

Email: *

Verification: *