Which of the following should be the FIRST step in developing an information security plan?

Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Explanation: Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an […]

Senior management commitment and support for information security can BEST be obtained through presentations that:

Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks.
B. explain the technical risks to the organization.
C. evaluate the organization against best security practices.
D. tie security risks to key business objectives.
Explanation: Senior management seeks to understand the business justification for investing in security. This can […]

The MOST appropriate role for senior management in supporting information security is the:

The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products.
B. assessment of risks to the organization.
C. approval of policy statements and funding.
D. monitoring adherence to regulatory requirements.
Explanation: Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in […]

Which of the following would BEST ensure the success of information security governance within an organization?

Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Explanation: The existence of a steering committee that approves all security […]

Information security governance is PRIMARILY driven by:

Information security governance is PRIMARILY driven by:
A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.
Explanation: Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.

Which of the following represents the MAJOR focus of privacy regulations?

Which of the following represents the MAJOR focus of privacy regulations?
A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. Identifiable personal data
Explanation: Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Data mining is an accepted tool for ad hoc reporting; […]

Investments in information security technologies should be based on:

Investments in information security technologies should be based on:
A. vulnerability assessments.
B. value analysis.
C. business climate.
D. audit recommendations.
Explanation: Investments in security technologies should be based on a value analysis and a sound business case. Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in […]

Retention of business records should PRIMARILY be based on:

Retention of business records should PRIMARILY be based on:
A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.
Explanation: Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity […]

Which of the following is characteristic of centralized information security management?

Which of the following is characteristic of centralized information security management?
A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests
Explanation: Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics […]

Successful implementation of information security governance will FIRST require:

Successful implementation of information security governance will FIRST require:
A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.
Explanation: Updated security policies are required to align management objectives with security procedures; management objectives translate into policy, policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response […]