Which of the following events would MOST likely require a revision to the information security program?

• A.An increase in industry threat level .
• B.A significant increase in reported incidents
• C.A change in IT management
• D.A merger with another organization

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?

• A.Information security policies
• B.An information security strategy
• C.Metrics to drive the information security program
• D.A defined security organizational structure

Comment: *

Name: *

Email: *

Verification: *

When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?

• A.External consultant
• B.Information owners
• C.Information security manager
• D.Business continuity coordinator

Comment: *

Name: *

Email: *

Verification: *

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

• A.Process owners
• B.Corporate auditors
• C.End users
• D.Security architects.

Comment: *

Name: *

Email: *

Verification: *

When investigating an information security incident, details of the incident should be shared:

• A.only with internal audit.
• B.only with management.
• C.only as needed,
• D.widely to demonstrate positive intent.

Comment: *

Name: *

Email: *

Verification: *