Which of the following activities is MOST likely to increase the difficulty of totally eradicating malicious code that is not immediately detected?

• A.Applying patches
• B.Changing access rules
• C.Upgrading hardware
• D.Backing up files

Comment: *

Name: *

Email: *

Verification: *

An organization's CIO has tasked the information security manager with drafting the charter for an information security steering committee. The committee will be comprised of the CIO, the IT shared services manager, the vice president of marketing, and the information security manager.
Which of the following is the MOST significant issue with the development of this committee?

• A.The committee lacks sufficient business representation.
• B.The CIO is not taking charge of the committee.
• C.The committee consists of too many senior executives.
• D.There is a conflict of interest between the business and IT.

Comment: *

Name: *

Email: *

Verification: *

The MOST important outcome of information security governance is:

• A.informed decision making.
• B.alignment with business goals.
• C.business risk avoidance
• D.alignment with compliance requirements.

Comment: *

Name: *

Email: *

Verification: *

Which of the following should be the PRIMARY focus of a status report on the information security program to senior management?

• A.Providing evidence that resources are performing as expected
• B.Verifying security costs do not exceed the budget
• C.Demonstrating risk is managed at the desired level
• D.Confirming the organization complies with security policies

Comment: *

Name: *

Email: *

Verification: *

The objective of risk management is to reduce risk to the minimum level that is:

• A.achievable from technical and financial perspectives.
• B.acceptable given the preference of the organization.
• C.practical given industry and regulatory environments.
• D.compliant with security policies

Comment: *

Name: *

Email: *

Verification: *