An audit was conducted and many critical applications were found to have no disaster recovery plans in place.
You conduct a Business Impact Analysis (BIA) to determine impact to the company for each application.
What should be the NEXT step?

• A.Determine the annual loss expectancy (ALE)
• B.Create a crisis management plan
• C.Build a secondary hot site
• D.Create technology recovery plans

Comment: *

Name: *

Email: *

Verification: *

A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?

• A.Lack of a formal risk management policy
• B.Lack of formal definition of roles and responsibilities
• C.Lack of a formal security policy governance process
• D.Lack of a formal security awareness program

Comment: *

Name: *

Email: *

Verification: *

Which of the following most commonly falls within the scope of an information security governance steering committee?

• A.Vetting information security policies
• B.Developing content for security awareness programs
• C.Approving access to critical financial systems
• D.Interviewing candidates for information security specialist positions

Comment: *

Name: *

Email: *

Verification: *

The Information Security Management program MUST protect:

• A.intellectual property released into the public domain
• B.against distributed denial of service attacks
• C.all organizational assets
• D.critical business processes and /or revenue streams

Comment: *

Name: *

Email: *

Verification: *

An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security

• A.Technical control
• B.Procedural control
• C.Administrative control
• D.Management control

Comment: *

Name: *

Email: *

Verification: *