Which of the following is the responsibility of a risk owner?

• A.Performing risk assessments to direct risk response
• B.Determining the organization's risk appetite
• C.Ensuring control effectiveness is monitored
• D.Implementing controls to mitigate the risk

Comment: *

Name: *

Email: *

Verification: *

Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?

• A.Business continuity plan (BCP)
• B.Incident response plan
• C.Disaster recovery plan (DRP)
• D.Business contingency plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important for an information security manager to verify before conducting full-functional continuity testing?

• A.Risk acceptance by the business has been documented
• B.Teams and individuals responsible for recovery have been identified
• C.Copies of recovery and incident response plans are kept offsite
• D.Incident response and recovery plans are documented in simple language

Comment: *

Name: *

Email: *

Verification: *

An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?

• A.Determine security controls for the new service.
• B.Establish a compliance program,
• C.Hire new resources to support the service.
• D.Perform a gap analysis against the current state

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

• A.An information security strategy
• B.A defined security organizational structure
• C.Information security policies
• D.Metrics to drive the information security program

Comment: *

Name: *

Email: *

Verification: *