Which of the following is the BEST method to align an information security strategic plan to the corporate strategy?

• A.Involving senior management in the development of the plan
• B.Obtaining adequate funds from senior management
• C.Ensuring the plan complies with business unit expectations
• D.Involving industry experts in the development of the plan

Comment: *

Name: *

Email: *

Verification: *

Which of the following BEST demonstrates that security controls are effective?

• A.Tabletop simulation
• B.Audit report
• C.Risk and control self-assessment
• D.Business impact analysis (BIA) results

Comment: *

Name: *

Email: *

Verification: *

How would an organization know if its new information security program is accomplishing its goals?

• A.Key metrics indicate a reduction in incident impacts.
• B.Senior management has approved the program and is supportive of it.
• C.Employees are receptive to changes that were implemented.
• D.There is an immediate reduction in reported incidents.

Comment: *

Name: *

Email: *

Verification: *

Before conducting a formal risk assessment of an organization's information resources, an information security manager should FIRST:

• A.map the major threats to business objectives.
• B.review available sources of risk information.
• C.identify the value of the critical assets.
• D.determine the financial impact if threats materialize.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

• A.Cost of additional mitigation
• B.Cost of replacing the asset
• C.Annual rate of occurrence
• D.Annual loss expectancy (ALE)

Comment: *

Name: *

Email: *

Verification: *