What is the BEST way to determine the level of risk associated with information assets processed by an IT application?

• A.Calculate the business value of the information assets.
• B.Review the cost of acquiring the information assets for the business.
• C.Research compliance requirements associated with the information.
• D.Evaluate the potential value of information for an attacker.

Comment: *

Name: *

Email: *

Verification: *

The PRIMARY objective of performing a post-incident review is to:

• A.re-evaluate the impact of incidents
• B.identify vulnerabilities
• C.identify control improvements.
• D.identify the root cause.

Comment: *

Name: *

Email: *

Verification: *

An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:

• A.corporate data privacy policy.
• B.data privacy policy where data are collected.
• C.data privacy policy of the headquarters' country.
• D.data privacy directive applicable globally.

Comment: *

Name: *

Email: *

Verification: *

Which of the following types of information would the information security manager expect to have the LOWEST level of security protection in a large, multinational enterprise?

• A.Strategic business plan
• B.Upcoming financial results
• C.Customer personal information
• D.Previous financial results

Comment: *

Name: *

Email: *

Verification: *

Which of the following metrics BEST measures the effectiveness of an organization's information security program?

• A.Increase in risk assessments completed
• B.Number of information security business cases developed
• C.Reduction in information security incidents
• D.Return on information security investment

Comment: *

Name: *

Email: *

Verification: *