Which of the following information security metrics would be MOST meaningful to executive management in assessing the effectiveness of the information security strategy?

• A.Monthly cost of maintaining information security controls
• B.Percentage of systems that are patched within the required time period
• C.Number of information security policy violations reported quarterly
• D.Monthly cost of interruptions in core processes due to security incidents

Comment: *

Name: *

Email: *

Verification: *

Executive management is considering outsourcing all IT operations. Which of the following functions should remain internal?

• A.Data ownership
• B.Data monitoring
• C.Data custodian
• D.Data encryption

Comment: *

Name: *

Email: *

Verification: *

Which of the following groups would be in the BEST position to perform a risk analysis for a business?

• A.External auditors
• B.A peer group within a similar business
• C.Process owners
• D.A specialized management consultant

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to include in monthly information security reports to the broad?

• A.Threat intelligence
• B.Risk assessment results
• C.Root cause analysis of security incidents
• D.Trend analysis of security metrics

Comment: *

Name: *

Email: *

Verification: *

The FIRST step to create an internal culture that focuses on information security is to:

• A.implement stronger controls.
• B.conduct periodic awareness training.
• C.actively monitor operations.
• D.gain the endorsement of executive management.

Comment: *

Name: *

Email: *

Verification: *