Which of the following is generally considered a fundamental component of an information security program?

• A.Role-based access control systems
• B.Automated access provisioning
• C.Security awareness training
• D.Intrusion prevention systems (IPSs)

Comment: *

Name: *

Email: *

Verification: *

What should be an information security manager's FIRST course of action upon learning of a security threat that has occurred in the industry for the first time?

• A.Examine responses of victims that have been exposed to similar threats.
• B.Revise the organization's incident response plan.
• C.Update the relevant information security policy.
• D.Perform a control gap analysis of the organization's environment

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important for an information security manager to ensure when evaluating change requests?

• A.Requests add value to the business.
• B.Requests are approved by process owners.
• C.Contingency plans have been created.
• D.Residual risk is within risk tolerance.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

• A.Applying global security standards to the IT projects
• B.Training project managers on risk assessment
• C.Having the information security manager participate on the project setting committees
• D.Integrating the risk assessment into the internal audit program

Comment: *

Name: *

Email: *

Verification: *

Which of the following MOST commonly falls within the scope of an information security governance steering committee?

• A.Interviewing candidates for information security specialist positions
• B.Developing content for security awareness programs
• C.Prioritizing information security initiatives
• D.Approving access to critical financial systems

Comment: *

Name: *

Email: *

Verification: *