The FIRST step in an incident response plan is to:

• A.notify- the appropriate individuals.
• B.contain the effects of the incident to limit damage.
• C.develop response strategies for systematic attacks.
• D.validate the incident.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the PRIMARY benefit of an information security awareness training program?

• A.Evaluating organizational security culture
• B.Enforcing security policy
• C.Influencing human behavior
• D.Defining risk accountability

Comment: *

Name: *

Email: *

Verification: *

Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?

• A.The information security program manages risk within the business's risk tolerance.
• B.The information security team is able to provide key performance indicators (KPIs) to senior management.
• C.Business senior management supports the information security policies.
• D.Information security initiatives are directly correlated to business processes.

Comment: *

Name: *

Email: *

Verification: *

Which of the following is necessary to determine what would constitute a disaster for an organization?

• A.Recovery strategy analysis
• B.Threat probability analysis
• C.Backup strategy analysis
• D.Risk analysis

Comment: *

Name: *

Email: *

Verification: *

An information security manager has been asked to develop a change control process. What is the FIRST thing the information security manager should do?

• A.Research best practices
• B.Meet with stakeholders
• C.Establish change control procedures
• D.Identify critical systems

Comment: *

Name: *

Email: *

Verification: *