Which of the following will BEST facilitate the integration of information security governance into enterprise governance?

• A.Implementing an information security awareness program
• B.Documenting the information security governance framework
• C.Developing an information security policy based on risk assessments
• D.Establishing an information security steering committee

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST helpful to identify worst-case disruption scenarios?

• A.Business process analysis
• B.Business impact analysis (BIA)
• C.Cast-benefit analysis
• D.SWOT analysis

Comment: *

Name: *

Email: *

Verification: *

An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?

• A.Review industry specialists' analyses of the new standard.
• B.Determine whether the organization can benefit from adopting the new standard.
• C.Obtain legal counsel's opinion on the standard's applicability to regulations,
• D.Perform a risk assessment on the new technology.

Comment: *

Name: *

Email: *

Verification: *

To support effective risk decision making, which of the following is MOST important to have in place?

• A.Established risk domains
• B.Risk reporting procedures
• C.An audit committee consisting of mid-level management
• D.Well-defined and approved controls

Comment: *

Name: *

Email: *

Verification: *

To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:

• A.rely on senior management to enforce security.
• B.promote the relevance and contribution of security.
• C.focus on compliance.
• D.reiterate the necessity of security.

Comment: *

Name: *

Email: *

Verification: *