The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:

• A.the plan aligns with the organization's business plan.
• B.departmental budgets are allocated appropriately to pay for the plan.
• C.regulatory oversight requirements are met.
• D.the impact of the plan on the business units is reduced.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST useful to include in a report to senior management on a regular basis to demonstrate the effectiveness of the information security program?

• A.Key risk indicators (KRIs)
• B.Capability maturity models
• C.Critical success factors (CSFs)
• D.Key performance indicators (KPIs)

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be performed FIRST in the aftermath of a denial-of-service attack?

• A.Restore servers from backup media stored offsite
• B.Conduct an assessment to determine system status
• C.Perform an impact analysis of the outage
• D.Isolate the screened subnet

Comment: *

Name: *

Email: *

Verification: *

What is the PRIMARY objective of a post-event review in incident response?

• A.Adjust budget provisioning
• B.Preserve forensic data
• C.Improve the response process
• D.Ensure the incident is fully documented

Comment: *

Name: *

Email: *

Verification: *

The MOST important factor in ensuring the success of an information security program is effective:

• A.communication of information security requirements to all users in the organization.
• B.formulation of policies and procedures for information security.
• C.alignment with organizational goals and objectives.
• D.monitoring compliance with information security policies and procedures.

Comment: *

Name: *

Email: *

Verification: *