Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?

• A.Knowledge of information technology platforms, networks and development methodologies
• B.Ability to understand and map organizational needs to security technologies
• C.Knowledge of the regulatory environment and project management techniques
• D.Ability to manage a diverse group of individuals and resources across an organization

Comment: *

Name: *

Email: *

Verification: *

Effective information security policies should be PRIMARILY developed based on:

• A.the ease of enforcement.
• B.the cost of implementation,
• C.industry best practices.
• D.the organization's risk profile.

Comment: *

Name: *

Email: *

Verification: *

An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do FIRST?

• A.Review the procedures for granting access
• B.Establish procedures for granting emergency access
• C.Meet with data owners to understand business needs
• D.Redefine and implement proper access rights

Comment: *

Name: *

Email: *

Verification: *

When conducting a post-incident review, the GREATEST benefit of collecting mean time to resolution (MTTR) data is the ability to:

• A.provide metrics for reporting to senior management
• B.verify compliance with the service level agreement (SLA).
• C.learn of potential areas of improvement
• D.reduce the costs of future preventive controls.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST method for management to obtain assurance of compliance with its security policy?

• A.Review security incident logs.
• B.Question staff concerning their security duties.
• C.Train staff on their compliance responsibilities.
• D.Conduct regular independent reviews.

Comment: *

Name: *

Email: *

Verification: *