Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

• A.Critical success factors (CSFs)
• B.Key risk indicators (KRIs)
• C.Capability maturity models
• D.Key performance indicators (KPIs)

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important prerequisite for Implementing a data loss prevention (DLP) tool?

• A.Developing a DLP policy and requiring signed acknowledgement by users.
• B.Reviewing data transfer logs to determine historical patterns of data flow
• C.Requiring users to save files in secured folders instead of company-wide shared drive
• D.Identifying where existing data resides and establishing a data classification matrix.

Comment: *

Name: *

Email: *

Verification: *

Effective IT governance requires organizational structures and processes to ensure that:

• A.the organization's strategies and objectives extend the IT strategy.
• B.the business strategy is derived from an IT strategy.
• C.IT governance is separate and distinct from the overall governance.
• D.the IT strategy extends the organization's strategies and objectives.

Comment: *

Name: *

Email: *

Verification: *

Processing controls ensure that data is accurate and complete, and is processed only through which of the following?

• A.Documented routines
• B.Authorized routines
• C.Accepted routines
• D.Approved routines

Comment: *

Name: *

Email: *

Verification: *

An organization's senior management thinks current security controls may be excessive and requests an IS auditor's advice on how to assess the adequacy of current measures. What is the auditor's BEST recommendation to management?

• A.Re-evaluate the organization's risk and control framework.
• B.Perform correlation analysis between incidents and investments.
• C.Introduce automated security monitoring tools.
• D.Downgrade security controls on low-risk systems.

Comment: *

Name: *

Email: *

Verification: *