Security awareness training is MOST likely to lead to which of the following?

• A.Decrease in intrusion incidents
• B.Increase in reported incidents
• C.Decrease in security policy changes
• D.Increase in access rule violations

Comment: *

Name: *

Email: *

Verification: *

An information security manager has recently been notified of potential security risks associated with a thirdparty service provider. What should be done NEXT to address this concern?

• A.Determine compensating controls
• B.Escalate to the chief risk officer
• C.Conduct a vulnerability analysis
• D.Conduct a risk analysis

Comment: *

Name: *

Email: *

Verification: *

When developing a protection strategy for outsourcing applications, the information se<urity manager MUST ensure that:

• A.escrow agreements are in place.
• B.nondisclosure clauses are in the contract.
• C.the security requirements are included in the service level agreement (SLA).
• D.the responsibility for security is transferred in the service level agreement (SLA).

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be in place before a black box penetration test begins?

• A.IT management approval
• B.Proper communication and awareness training
• C.A clearly stated definition of scope
• D.An incident response plan

Comment: *

Name: *

Email: *

Verification: *

During which phase of development is it MOST appropriate to begin assessing the risk of a new application system?

• A.Feasibility
• B.Design
• C.Development
• D.Testing

Comment: *

Name: *

Email: *

Verification: *