Which of the following BIST validates that security controls are implemented in a new business process?

• A.Review the process for conformance with information security best practices
• B.Assess the process according to information security policy
• C.Verify the use of a recognized control framework
• D.Benchmark the process against industry practices

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be of GREATEST concern to an information security manager when establishing a set of key risk indicators (KRIs)?

• A.Several business functions have been outsourced to third-party vendors.
• B.Risk tolerance levels have not yet been established
• C.The impact of security risk on organizational objectives is not well understood
• D.The organization has no historical data on previous security events

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

• A.Incorporate policy statements derived from third-party standards and benchmarks.
• B.Adhere to a unique corporate privacy and security standard
• C.Establish baseline standards for all locations and add supplemental standards as required
• D.Require that all locations comply with a generally accepted set of industry

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST helpful to identify whether information security policies have been followed?

• A.Detective controls
• B.Corrective controls
• C.Directive controls
• D.Preventive controls

Comment: *

Name: *

Email: *

Verification: *

After the occurrence of a major information security corrective actions?

• A.Calculating cost of the incident
• B.Preserving the evidence
• C.Conducting a postmortem assessment
• D.Performing an impact analysis

Comment: *

Name: *

Email: *

Verification: *