Which of the following is the MOST important step in risk ranking?

• A.Impact assessment
• B.Mitigation cost
• C.Threat assessment
• D.Vulnerability analysis

Comment: *

Name: *

Email: *

Verification: *

A new program has been implemented to standardize security configurations across a multinational organization Following implementation, the configuration standards should:

• A.be updated to address emerging threats and vulnerabilities.
• B.be changed for different subsets of the systems to minimize impact,
• C.not deviate from industry best practice baselines.
• D.remain unchanged to avoid variations across the organization

Comment: *

Name: *

Email: *

Verification: *

From an information security manager perspective, what is the immediate benefit of clearly-defined roles and responsibilities?

• A.Enhanced policy compliance
• B.Improved procedure flows
• C.Segregation of duties
• D.Better accountability

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST effective, positive method to promote security awareness?

• A.Competitions and rewards for compliance
• B.Lock-out after three incorrect password attempts
• C.Strict enforcement of password formats
• D.Disciplinary action for noncompliance

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY goal of an Information security manager when designing Information security policies?

• A.Reducing organizational security risk
• B.Achieving organizational objectives
• C.Minimizing the cost of security controls
• D.Improving the protection of information

Comment: *

Name: *

Email: *

Verification: *