Which of the following is the BEST approach for governing noncompliance with security requirements?

• A.Require users to acknowledge the acceptable use policy.
• B.Base mandatory review and exception approvals on residual risk,
• C.Base mandatory review and exception approvals on inherent risk.
• D.Require the steering committee to review exception requests.

Comment: *

Name: *

Email: *

Verification: *

Which of the following events would MOST likely require a revision to the information security program?

• A.An increase in industry threat level .
• B.A significant increase in reported incidents
• C.A change in IT management
• D.A merger with another organization

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to include in a post-incident review following a data breach?

• A.Evaluations of the adequacy of existing controls
• B.An evaluation of the effectiveness of the information security strategy
• C.A review of the forensics chain of custom
• D.Documentation of regulatory reporting requirements

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST ensures timely and reliable access to services?

• A.Nonrepudiation
• B.Recovery time objective (RTO)
• C.Availability
• D.Authenticity

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST indicates the effectiveness of a recent information security awareness campaign delivered across the organization?

• A.Reduction in the impact of security incidents
• B.Increase in the frequency of security incident escalations
• C.Increase in the number of reported security incidents
• D.Decrease in the number of security incidents

Comment: *

Name: *

Email: *

Verification: *