Which of the following metrics BEST measures the effectiveness of an organization's information security program?

• A.Increase in risk assessments completed
• B.Reduction in information security incidents
• C.Number of information security business cases developed
• D.Return on information security investment

Comment: *

Name: *

Email: *

Verification: *

Due to specific application requirements, a project team has been granted administrative ponieon GR: is the PRIMARY reason for ensuring clearly defined roles and responsibilities are communicated to these users?

• A.Clearer segregation of duties
• B.Increased user productivity
• C.Increased accountability
• D.Fewer security incidents

Comment: *

Name: *

Email: *

Verification: *

Who is BEST suited to determine how the information in a database should be classified?

• A.Data owner
• B.Information security analyst
• C.Database analyst
• D.Database administrator (DBA)

Comment: *

Name: *

Email: *

Verification: *

An anomaly-based intrusion detection system (IDS) operates by gathering data on:

• A.normal network behavior and using it as a baseline lor measuring abnormal activity
• B.abnormal network behavior and issuing instructions to the firewall to drop rogue connections
• C.abnormal network behavior and using it as a baseline for measuring normal activity
• D.attack pattern signatures from historical data

Comment: *

Name: *

Email: *

Verification: *

An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?

• A.Revise the organization's security policy.
• B.Document risk acceptances.
• C.Assess the consequences of noncompliance.
• D.Conduct an information security audit.

Comment: *

Name: *

Email: *

Verification: *