The BEST way of establish a security baseline is by documenting

• A.a framework of operational standards
• B.a standard of acceptable settings
• C.the desired range of security settings
• D.the organization's preferred security level.

Comment: *

Name: *

Email: *

Verification: *

A core business unit relies on an effective legacy system that does not meet the current security standards and threatens the enterprise network. Which of the following is the BEST course of action to address the situation?

• A.Document the deficiencies in the risk register.
• B.Disconnect the legacy system from the rest of the network.
• C.Require that new systems that can meet the standards be implemented.
• D.Develop processes to compensate for the deficiencies.

Comment: *

Name: *

Email: *

Verification: *

When the computer incident response team (CIRT) finds clear evidence that a hacker has penetrated the corporate network and modified customer information, an information security manager should FIRST notify:

• A.the information security steering committee.
• B.customers who may be impacted.
• C.data owners who may be impacted.
• D.regulatory- agencies overseeing privacy.

Comment: *

Name: *

Email: *

Verification: *

During which stage of the software development life cycle (SDLC) should application security controls FIRST be addressed?

• A.Configuration management
• B.Software code development
• C.Application system design
• D.Requirements gathering

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST important when developing an information security strategy?

• A.Engage stakeholders.
• B.Assign data ownership.
• C.Determine information types.
• D.Classify information assets.

Comment: *

Name: *

Email: *

Verification: *