When considering whether to adopt a new information security framework, an organization's information security manager should FIRST:

• A.perform a technical feasibility analysis
• B.perform a financial viability study
• C.analyze the framework's legal implications and business impact
• D.compare the framework with the current business strategy

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY purpose for continuous monitoring of security controls is to ensure:

• A.system availability.
• B.control gaps are minimized.
• C.effectiveness of controls.
• D.alignment with compliance requirements.

Comment: *

Name: *

Email: *

Verification: *

When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

• A.Business management
• B.Operations manager
• C.Information security manager
• D.System users

Comment: *

Name: *

Email: *

Verification: *

An information security manager's PRIMARY objective for presenting key risks to the board of directors is to:

• A.meet information security compliance requirements.
• B.ensure appropriate information security governance.
• C.re-evaluate the risk appetite.
• D.quantity reputational risks.

Comment: *

Name: *

Email: *

Verification: *

The FIRST step to create an internal culture that focuses on information security is to:

• A.implement stronger controls.
• B.conduct periodic awareness training.
• C.actively monitor operations.
• D.gain the endorsement of executive management.

Comment: *

Name: *

Email: *

Verification: *