Which of the following documents would be the BEST reference to determine whether access control mechanisms are appropriate for a critical application?
Correct Answer: C
Explanation: IT management should ensure that mechanisms are implemented in line with IT security policy. Procedures are determined by the policy. A user security procedure does not describe the access control mechanism in place. The business process flow is not relevant to the access control mechanism. The organization's own policy and procedures should take into account regulatory requirements.
Question 382
When developing security processes for handling credit card data on the business unit's information system, the information security manager should
Correct Answer: C
Question 383
Which of the following is the MOST important consideration when briefing executives about the current state of the information security program?
Correct Answer: B
Explanation: When briefing executives about the current state of the information security program, the most important consideration is to use appropriate language for the target audience. This means avoiding technical jargon, acronyms, and details that may confuse or bore the executives, and instead focusing on the business value, risks, and benefits of the information security program. The other options are not as important or relevant as using appropriate language, although they may also be useful to include in the briefing. For example, a situational forecast may be helpful to show the future trends and challenges, but it is not as essential as communicating the current state clearly and concisely. Similarly, trend charts for metrics and a rating system to demonstrate program effectiveness may be useful to support the briefing, but they are not as critical as using language that the executives can understand and relate to.
References:
Information Security Guide for Government Executives, page 7: "Reminding employees of their responsibilities and demonstrating management's commitment to the security program are key to maintaining effective security within the constantly changing information security environment."
Information security guide for government executives - NIST, page 3: "The executive should communicate the importance of information security to the organization and its staff, using language that is meaningful to the target audience."
Information Security Committee Charter - SecurityStudio, page 1: "The committee also coordinates and communicates the direction, current state, and oversight of the information security program."
Question 384
Which of the following would provide senior management with the BEST overview of the performance of information security risk treatment options?
Correct Answer: C
Question 385
Which of the following is MOST important when providing updates during a security incident?