An executive's personal mobile device used for business purposes is reported lost. The information security manager should respond based on:

• A.the business impact analysis (BIA),
• B.incident classification.
• C.asset management guidelines.
• D.the acceptable use policy.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indicator that security awareness training has been effective?

• A.Employees sign to acknowledge the security policy
• B.More incidents are being reported
• C.A majority of employees have completed training
• D.No incidents have been reported in three months

Comment: *

Name: *

Email: *

Verification: *

Information security projects should be prioritized on the basis of:

• A.time required for implementation.
• B.impact on the organization.
• C.total cost for implementation.
• D.mix of resources required.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY reason for using information security metrics is to:

• A.ensure alignment with corporate requirements.
• B.achieve senior management commitment.
• C.monitor the effectiveness of controls
• D.adhere to legal and regulatory requirements

Comment: *

Name: *

Email: *

Verification: *

An online banking institution is concerned that the breach of customer personal information will have a significant financial impact due to the need to notify and compensate customers whose personal information may have been compromised. The institution determines that residual risk will always be too high and decides to:

• A.mitigate the impact by purchasing insurance.
• B.implement a circuit-level firewall to protect the network.
• C.increase the resiliency of security measures in place.
• D.implement a real-time intrusion detection system.

Comment: *

Name: *

Email: *

Verification: *