Which of the following would be MOST effective in the strategic alignment of security initiatives?

• A.Business leaders participate in information security decision making.
• B.A security steering committee is set up within the IT department.
• C.Policies are created with input from business unit managers.
• D.Key information security policies are updated on a regular basis.

Comment: *

Name: *

Email: *

Verification: *

Which of the following are the MOST important individuals to include as members of an information security steering committee?

• A.Direct reports to the chief information officer
• B.IT management and key business process owners
• C.Cross-section of end users and IT professionals
• D.Internal audit and corporate legal departments

Comment: *

Name: *

Email: *

Verification: *

Which of the following would represent a violation of the chain of custody when a backup tape has been identified as evidence in a fraud investigation? The tape was:

• A.removed into the custody of law enforcement investigators.
• B.kept in the tape library' pending further analysis.
• C.sealed in a signed envelope and locked in a safe under dual control.
• D.handed over to authorized independent investigators.

Comment: *

Name: *

Email: *

Verification: *

The MOST effective way to communicate the level of impact of information security risks on organizational objectives is to present:

• A.business impact analysis (BIA) results.
• B.detailed threat analysis results.
• C.risk treatment options.
• D.a risk heat map.

Comment: *

Name: *

Email: *

Verification: *

Deciding the level of protection a particular asset should be given is BEST determined by:

• A.the corporate risk appetite.
• B.a risk analysis.
• C.a threat assessment.
• D.a vulnerability assessment.

Comment: *

Name: *

Email: *

Verification: *