Which of the following methods BEST ensures that a comprehensive approach is used to direct information security activities?

• A.Creating communication channels
• B.Molding periodic meetings with business owners
• C.Promoting security training
• D.Establishing a steering committee

Comment: *

Name: *

Email: *

Verification: *

An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?

• A.Security metrics reports
• B.Risk assessment reports
• C.Business impact analysis (BIA)
• D.Return on security investment report

Comment: *

Name: *

Email: *

Verification: *

Which of the following processes if the FIRST step in establishing an information security policy?

• A.Security controls evaluation
• B.Information security audit
• C.Review of current global standards
• D.Business risk assessment

Comment: *

Name: *

Email: *

Verification: *

A data-hosting organization's data center houses servers, applications, and data for a large number of geographically dispersed customers. Which of the following strategies would be the BEST approach for developing a physical access control policy for the organization?

• A.Develop access control requirements for each system and application
• B.Design single sign-on or federated access
• C.Review customers' security policies
• D.Conduct a risk assessment to determine security risks and mitigating controls

Comment: *

Name: *

Email: *

Verification: *

What is the PRIMARY benefit to executive management when audit risk, and security functions are aligned?

• A.More timely risk reporting
• B.Reduced number of assurance reports
• C.More efficient incident handling
• D.More effective decision making

Comment: *

Name: *

Email: *

Verification: *