An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the BEST information for the information security manager to draw a conclusion?

• A.Initiating a cost-benefit analysis of the implemented controls
• B.Performing a risk assessment
• C.Reviewing the risk register
• D.Conducting a business impact analysis (BIA)

Comment: *

Name: *

Email: *

Verification: *

Recovery time objectives (RTOs) are an output of which of the following?

• A.Business continuity plan
• B.Disaster recovery plan
• C.Service level agreement (SLA)
• D.Business impact assessment (BIA)

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be established FIRST when implementing an information security governance framework?

• A.Security policies
• B.Security incident management team
• C.Security awareness training program
• D.Security architecture

Comment: *

Name: *

Email: *

Verification: *

Management of a financial institution accepted an operational risk that consequently led to the temporary deactivation to a critical monitoring process. Which of the following should be the information security manager's GREATEST concern with this situation?

• A.Impact on compliance risk.
• B.Impact on the risk culture.
• C.Inability to determine short-term impact.
• D.Deviation from risk management best practices

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST indicates that information assets are classified accurately?

• A.Appropriate prioritization of information risk treatment
• B.Increased compliance with information security policy
• C.Appropriate assignment of information asset owners
• D.An accurate and complete information asset catalog

Comment: *

Name: *

Email: *

Verification: *