Management decisions concerning information security investments will be MOST effective when they are based on:

• A.the formalized acceptance of risk analysis by management.
• B.the reporting of consistent and periodic assessments of risks.
• C.a process for identifying and analyzing threats and vulnerabilities
• D.an annual loss expectancy (ALE) determined from the history of security events.

Comment: *

Name: *

Email: *

Verification: *

Who can BEST approve plans to implement an information security governance framework?

• A.Internal auditor
• B.Information security management
• C.Steering committee
• D.Infrastructure management

Comment: *

Name: *

Email: *

Verification: *

A security manager meeting the requirements for the international flow of personal data will need to ensure:

• A.a data processing agreement.
• B.a data protection registration.
• C.the agreement of the data subjects.
• D.subject access procedures.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important to consider when defining escalation processes for incident response procedures?

• A.Key risk indicators (KRIs)
• B.Key performance indicators (KPIs)
• C.Business continuity plans (BCPs)
• D.Recovery time objectives (RTOs)

Comment: *

Name: *

Email: *

Verification: *

In addition to backup data, which of the following is the MOST important to store offsite in the event of a disaster?

• A.Copies of critical contracts and service level agreements (SLAs)
• B.Copies of the business continuity plan
• C.Key software escrow agreements for the purchased systems
• D.List of emergency numbers of service providers

Comment: *

Name: *

Email: *

Verification: *