Which of the following is the MAIN purpose of an information security management system?

• A.To identify and eliminate the root causes of information security incidents
• B.To enhance the impact of reports used to monitor information security incidents
• C.To keep information security policies and procedures up-to-date
• D.To reduce the frequency and impact of information security incidents

Comment: *

Name: *

Email: *

Verification: *

Which of the following statements appearing in an organization's acceptable use policy BEST demonstrates alignment with data classification standards related to the protection of information assets?

• A.Any information assets transmitted over a public network must be approved by executive management.
• B.All information assets must be encrypted when stored on the organization's systems.
• C.Information assets should only be accessed by persons with a justified need.
• D.All information assets will be assigned a clearly defined level to facilitate proper employee handling.

Comment: *

Name: *

Email: *

Verification: *

What is used as a control to detect loss, corruption, or duplication of data?

• A.Redundancy check
• B.Reasonableness check
• C.Hash totals
• D.Accuracy check

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the MOST effective control to mitigate unintentional misuse of authorized access?

• A.Regular monitoring of user access logs
• B.Annual sign-off of acceptable use policy
• C.Formalized disciplinary action
• D.Security awareness training

Comment: *

Name: *

Email: *

Verification: *