How would an organization know if its new information security program is accomplishing its goals?

• A.Key metrics indicate a reduction in incident impacts.
• B.Senior management has approved the program and is supportive of it.
• C.Employees are receptive to changes that were implemented.
• D.There is an immediate reduction in reported incidents.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important reason to monitor information risk on a continuous basis?

• A.The risk profile can change over time.
• B.Risk assessment errors can be identified.
• C.The effectiveness of controls can be verified.
• D.The cost of controls can be minimized.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to consider when developing a business continuity plan (BCP)?

• A.Disaster recovery plan (DRP)
• B.Business impact analysis (BIA)
• C.Incident management requirements
• D.Business communication plan

Comment: *

Name: *

Email: *

Verification: *

If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:

• A.implement controls to mitigate the risk to an acceptable level.
• B.recommend that management avoid the business activity
• C.assess the gap between current and acceptable level of risk.
• D.transfer risk to a third party to avoid cost of impact.

Comment: *

Name: *

Email: *

Verification: *

An internal review of a web-based application system finds the ability to gain access to all employees' accounts by changing the employee's ID on the URL used for accessing the account. The vulnerability identified is:

• A.broken authentication.
• B.unvalidated input.
• C.cross-site scripting.
• D.structured query language (SQL) injection.

Comment: *

Name: *

Email: *

Verification: *