When application-level security controlled by business process owners is found to be poorly managed, which of the following could BEST improve current practices?

• A.Centralizing security management
• B.Implementing sanctions for noncompliance
• C.Policy enforcement by IT management
• D.Periodic compliance reviews

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful when justifying the funding required for a compensating control?

• A.Threat assessment
• B.Risk analysis
• C.Business case
• D.Business impact analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

• A.Applying global security standards to the IT projects
• B.Integrating the risk assessment into the internal audit program
• C.Training project managers on risk assessment
• D.Having the information security manager participate on the project steering committees

Comment: *

Name: *

Email: *

Verification: *

Which of the following approaches is BEST for selecting controls to minimize information security risks?

• A.Control-effectiveness
• B.Risk assessment
• C.Industry best practices
• D.Cost-benefit analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?

• A.Information security management costs will be optimized.
• B.Information security strategy will be in line with industry best practice.
• C.Gaps between current and desirable levels will be addressed.
• D.Staff awareness of information security compliance will be promoted.

Comment: *

Name: *

Email: *

Verification: *