While auditing a data center's IT architecture, an information security manager discovers that required encryption for data communications has not been implemented. Which of the following should be done NEXT?

• A.Perform a cost benefit analysis.
• B.Perform a business impact analysis (BIA).
• C.Evaluate compensating and mitigating controls.
• D.Document and report the findings.

Comment: *

Name: *

Email: *

Verification: *

The MOST basic requirement for an information security governance program is to:

• A.be aligned with the corporate business strategy.
• B.be based on a sound risk management approach.
• C.provide adequate regulatory compliance.
• D.provide best practices for security- initiatives.

Comment: *

Name: *

Email: *

Verification: *

When residual risk is minimized:

• A.acceptable risk is probable.
• B.transferred risk is acceptable.
• C.control risk is reduced.
• D.risk is transferable.

Comment: *

Name: *

Email: *

Verification: *

Successful implementation of information security governance will FIRST require:

• A.security awareness training.
• B.updated security policies.
• C.a computer incident management team.
• D.a security architecture.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY benefit of a centralized time server ts that it

• A.decreases the likelihood of an unrecoverable systems failure.
• B.allows decentralized logs to be kept in synchronization.
• C.15 required by password synchronization programs.
• D.reduces individual time-of-day requests by client applications,

Comment: *

Name: *

Email: *

Verification: *