When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

• A.cost-benefit analysis,
• B.regulatory requirements.
• C.best practices.
• D.control framework

Comment: *

Name: *

Email: *

Verification: *

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

• A.External consultant
• B.Information owners
• C.Information security manager
• D.Business continuity coordinator

Comment: *

Name: *

Email: *

Verification: *

Which of the following is an example of risk mitigation?

• A.Purchasing insurance
• B.Discontinuing the activity associated with the risk
• C.Improving security controls
• D.Performing a cost-benefit analysis

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

• A.Defining information stewardship roles
• B.Developing a records retention schedule
• C.Defining security asset categorization
• D.Assigning information asset ownership

Comment: *

Name: *

Email: *

Verification: *

ACISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?

• A.Recommend canceling the outsourcing contract.
• B.Notify affected customers of the data breach.
• C.Request an independent review of the provider's data center.
• D.Determine the extent of the impact to the organization.

Comment: *

Name: *

Email: *

Verification: *