Which of the following would MOST effectively ensure that information security is implemented in a new system?

• A.Secure code reviews
• B.Penetration testing
• C.Security baselines
• D.Security scanning

Comment: *

Name: *

Email: *

Verification: *

Following a risk assessment, new countermeasures have been approved by management. Which of the following should be performed NEXT

• A.Develop an implementation strategy.
• B.Schedule the target end date for implementation activities.
• C.Calculate the residual risk for each countermeasure.
• D.Budget the total cost of implementation activities.

Comment: *

Name: *

Email: *

Verification: *

Priority should be given to which of the following to ensure effective implementation of information security governance?

• A.Consultation
• B.Negotiation
• C.Facilitation
• D.Planning

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the important criteria when defining data retention policies?

• A.Industry best practices
• B.Regulatory requirements
• C.Audit findings
• D.Capacity requirements

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST way to integrate information security into corporate governance?

• A.Engage external security consultants in security initiatives.
• B.Conduct comprehensive information security management training for key stakeholders.
• C.Ensure information security processes are part of the existing management processes.
• D.Require periodic security risk assessments be performed.

Comment: *

Name: *

Email: *

Verification: *