Which of the following is the BEST justification to convince management to invest in an information security program?

• A.Cost reduction
• B.Compliance with company policies
• C.Protection of business assets
• D.Increased business value

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method for ensuring that security procedures and guidelines are known and understood?

• A.Periodic focus group meetings
• B.Periodic compliance reviews
• C.Computer-based certification training (CBT)
• D.Employee's signed acknowledgement

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be an information security manager's PRIMARY consideration when developing an incident response plan?

• A.The organization's external communications plan
• B.Incident response plan testing methods and frequency
• C.Skills and competencies of the help desk
• D.The organization's risk tolerance and appetite

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST useful input for an information security manager when refreshing the organizations security strategy?

• A.Results of a vulnerability scan
• B.Results of a red team exercise
• C.Results of a security risk assessment
• D.Results of a security pokey review

Comment: *

Name: *

Email: *

Verification: *

A new version of an information security regulation is published that requires an organization's compliance. The information security manager should FIRST

• A.conduct benchmarking against similar organizations.
• B.perform a gap analysis against the new regulation.
• C.conduct a risk assessment to determine the risk of noncompliance.
• D.perform an audit based on the new version of the regulation

Comment: *

Name: *

Email: *

Verification: *