Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization's information security program?

• A.Collaborate with business and IT functions in determining controls.
• B.Include information security requirements in the change control process.
• C.Obtain assistance from IT to implement automated security cantrals.
• D.Focus on addressing conflicts between security and performance.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

• A.Organizational tolerance to service interruption
• B.Legal and regulatory requirements
• C.Geographical location of the backup site
• D.Likelihood of a disaster

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the FIRST step to gain approval for outsourcing to address a security gap?

• A.Submit funding request to senior management.
• B.Collect additional metrics.
• C.Begin due diligence on the outsourcing company.
• D.Perform a cost-benefit analysis.

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST supports information security management in the event of organizational changes in security personnel?

• A.Developing an awareness program for staff
• B.Ensuring current documentation of security processes
• C.Establishing processes within the security operations team
• D.Formalizing a security strategy and program

Comment: *

Name: *

Email: *

Verification: *

An organization is going through a digital transformation process, which places the IT organization in an unfamiliar risk landscape. The information security manager has been tasked with leading the IT risk management process. Which of the following should be given the HIGHEST priority?

• A.Selection of risk treatment options
• B.Design of key risk indicators (KRIs)
• C.Analysis of control gaps
• D.Identification of risk

Comment: *

Name: *

Email: *

Verification: *