Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes?

• A.Conduct security reviews during design, testing, and implementation.
• B.Integrate organization's security requirements into project
• C.Develop good communications with the project management office (PMO).
• D.Participate in project initiation, approval, and funding.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to identify the potential impact of a successful attack on an organization's mission critical applications?

• A.Conduct penetration testing.
• B.Perform application vulnerability review.
• C.Perform independent code review.
• D.Execute regular vulnerability scans.

Comment: *

Name: *

Email: *

Verification: *

A possible breach of an organization's IT system is reported by the project manager. What is the FIRST thing the incident response manager should do?

• A.Run a port scan on the system
• B.Disable the logon ID
• C.Investigate the system logs
• D.Validate the incident

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be the information security manager's BEST course of action to gain approval for investment in a technical control?

• A.Calculate the exposure factor.
• B.Conduct a business impact analysis (BIA).
• C.Perform a cost-benefit analysis.
• D.Conduct a risk assessment.

Comment: *

Name: *

Email: *

Verification: *

What is the MOST cost-effective method of identifying new vendor vulnerabilities?

• A.External vulnerability reporting sources
• B.Periodic vulnerability assessments performed by consultants
• C.Intrusion prevention software
• D.honey pots located in the DMZ

Comment: *

Name: *

Email: *

Verification: *