Which of the following will significantly affect the standard information security governance model?

• A.Currency with changing legislative requirements
• B.Number of employees
• C.Complexity of the organizational structure
• D.Cultural differences between physical locations

Comment: *

Name: *

Email: *

Verification: *

Which of the following would be MOST beneficial as a key risk indicator (KRI)?

• A.Negative security return on investment (ROI)
• B.Current capital allocation reserves
• C.Annualized loss projections
• D.Project cost variances

Comment: *

Name: *

Email: *

Verification: *

Which of the blowing is MOST important when implementing an organization s security policy?

• A.Assessing compliance requirements
• B.Benchmarking against industry standards
• C.Obtaining management support
• D.Identifying threats and vulnerabilities

Comment: *

Name: *

Email: *

Verification: *

After a high-profile systems breach at an organization's key vendor, the vendor has implemented additional mitigating controls. The vendor has voluntarily shared the following set of assessments:

Which of the assessments provides the MOST reliable input to evaluate residual risk in the vendor's control environment?

• A.Regulatory examination
• B.External audit
• C.Internal audit
• D.Vendor performance scorecard

Comment: *

Name: *

Email: *

Verification: *

An organization practices the principle of least privilege. To ensure access remains appropriate, application owners should be required to review user access rights on a regular basis by obtaining:

• A.an access control matrix and approval from the user's manager
• B.business purpose documentation and software license counts
• C.documentation indicating the intended users of the application
• D.security logs to determine the cause of invalid login attempts

Comment: *

Name: *

Email: *

Verification: *