When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

• A.Create separate policies to address each regulation
• B.Develop policies that meet all mandated requirements
• C.Incorporate policy statements provided by regulators
• D.Develop a compliance risk assessment

Comment: *

Name: *

Email: *

Verification: *

A company's mail server allows anonymous file transfer protocol (FTP) access which could be exploited. What process should the information security manager deploy to determine the necessity for remedial action?

• A.A penetration test
• B.A security baseline review
• C.A risk assessment
• D.A business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *

In information security governance, the PRIMARY role of the board of directors is to ensure:

• A.communication of security posture to stakeholder*
• B.approval of relevant policies and standards.
• C.compliance with regulations and best practices
• D.alignment with the strategic goals of the organization

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration for an organization interacting with the media during a disaster?

• A.Communicating specially drafted messages by an authorized person
• B.Refusing to comment until recovery
• C.Referring the media to the authorities
• D.Reporting the losses and recovery strategy to the media

Comment: *

Name: *

Email: *

Verification: *

A new e-mail virus that uses an attachment disguised as a picture file is spreading rapidly over the Internet.
Which of the following should be performed FIRST in response to this threat?

• A.Quarantine all picture files stored on file servers
• B.Block all e-mails containing picture file attachments
• C.Quarantine all mail servers connected to the Internet
• D.Block incoming Internet mail, but permit outgoing mail

Comment: *

Name: *

Email: *

Verification: *