The PRIMARY objective for information security program development should be:

• A.Identifying and implementing the best security solutions.
• B.Reducing the impact of the risk to the business.
• C.Establishing strategic alignment with bunsiness continuity requirements
• D.Establishing incident response programs.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST likely to be discretionary?

• A.Standards
• B.Policies
• C.Guidelines
• D.Procedures

Comment: *

Name: *

Email: *

Verification: *

The formal certification and accreditation process has four primary steps, what are they?

• A.Evaluating, describing, testing and authorizing
• B.Evaluating, purchasing, testing, authorizing
• C.Auditing, documenting, verifying, certifying
• D.Discovery, testing, authorizing, certifying

Comment: *

Name: *

Email: *

Verification: *

Involvement of senior management is MOST important in the development of:

• A.IT security procedures
• B.IT security implementation plans
• C.Standards and guidelines
• D.IT security policies

Comment: *

Name: *

Email: *

Verification: *

A department within your company has proposed a third party vendor solution to address an urgent, critical business need. As the CISO you have been asked to accelerate screening of their security control claims.
Which of the following vendor provided documents is BEST to make your decision:

• A.Vendor provided internal risk assessment and security control documentation
• B.Vendor provided reference from an existing reputable client detailing their implementation
• C.Vendor's client list of reputable organizations currently using their solution
• D.Vendor provided attestation of the detailed security controls from a reputable accounting firm

Comment: *

Name: *

Email: *

Verification: *