Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

• A.Begin due diligence on the outsourcing company.
• B.Submit funding request to senior management.
• C.Perform a cost-benefit analysis.
• D.Collect additional metrics.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indicator of an organization's information security status?

• A.Threat analysis
• B.Penetration test
• C.Intrusion detection log analysis
• D.Controls audit

Comment: *

Name: *

Email: *

Verification: *

An organization's main product is a customer-facing application delivered using Software as a Service (SaaS).
The lead security engineer has just identified a major security vulnerability at the primary cloud provider.
Within the organization, who is PRIMARILY accountable for the associated task?

• A.The security engineer
• B.The information security manager
• C.The data owner
• D.The application owner

Comment: *

Name: *

Email: *

Verification: *

During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:

• A.security objectives.
• B.baseline security controls.
• C.benchmarking security metrics.
• D.cost-benefit analyses.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST help to ensure appropriate security controls are built into software?

• A.Performing security testing prior to deployment
• B.Integrating security throughout the development process
• C.Providing standards for implementation during development activities
• D.Providing security training to the software development team

Comment: *

Name: *

Email: *

Verification: *