Which of the following is the PRIMARY prerequisite to implementing data classification within an organization?

• A.Defining job roles
• B.Performing a risk assessment
• C.Identifying data owners
• D.Establishing data retention policies

Comment: *

Name: *

Email: *

Verification: *

In a social engineering scenario, which of the following will MOST likely reduce the likelihood of an unauthorized individual gaining access to computing resources?

• A.Implementing on-screen masking of passwords
• B.Conducting periodic security awareness programs
• C.Increasing the frequency of password changes
• D.Requiring that passwords be kept strictly confidential

Comment: *

Name: *

Email: *

Verification: *

The management staff of an organization that does not have a dedicated security function decides to use its IT manager to perform a security review. The MAIN job requirement in this arrangement is that the IT manager

• A.report risks in other departments.
• B.obtain support from other departments.
• C.report significant security risks.
• D.have knowledge of security standards.

Comment: *

Name: *

Email: *

Verification: *

Which of the following would BEST demonstrate the status of an organization's information security program to the board of directors?

• A.Information security program metrics
• B.Results of a recent external audit
• C.The information security operations matrix
• D.Changes to information security risks

Comment: *

Name: *

Email: *

Verification: *

What is the BEST way for an information security manager to maintain continuous insight into the effectiveness of the organization's information security program?

• A.Conduct quarterly penetration testing.
• B.Establish information security metrics.
• C.Develop timely information security risk reporting.
• D.Solicit feedback from end users

Comment: *

Name: *

Email: *

Verification: *