What is the role of the information security manager in finalizing contract negotiations with service providers?

• A.To obtain a security standard certification from the provider
• B.To update security standards for the outsourced process
• C.To ensure that clauses for periodic audits are included
• D.To perform a risk analysis on the outsourcing process

Comment: *

Name: *

Email: *

Verification: *

Which of the following is MOST closely associated with a business continuity program?

• A.Confirming that detailed technical recovery plans exist
• B.Periodically testing network redundancy
• C.Updating the hot site equipment configuration every quarter
• D.Developing recovery time objectives (RTOs) for critical functions

Comment: *

Name: *

Email: *

Verification: *

Which of the following is the BEST indication that an information security control is no longer relevant?

• A.Following the control costs the business more than not following it.
• B.Users regularly bypass or ignore the control
• C.IT management does not support the control.
• D.The control does not support a specific business function.

Comment: *

Name: *

Email: *

Verification: *

Senior management commitment and support for information security can BEST be obtained through presentations that:

• A.use illustrative examples of successful attacks.
• B.explain the technical risks to the organization.
• C.evaluate the organization against best security practices.
• D.tie security risks to key business objectives.

Comment: *

Name: *

Email: *

Verification: *

A balanced scorecard MOST effectively enables information security:

• A.risk management
• B.project management
• C.governance
• D.performance

Comment: *

Name: *

Email: *

Verification: *