Which of the following, using public key cryptography, ensures authentication, confidentiality and nonrepudiation of a message?

A. Encrypting first by receiver's private key and second by sender's public key
B. Encrypting first by sender's private key and second by receiver's public key
C. Encrypting first by sender's private key and second decrypting by sender's public key
D. Encrypting first […]

The MAIN goal of an information security strategic plan is to:

A. develop a risk assessment plan.
B. develop a data protection plan.
C. protect information assets and resources.
D. establish security governance.
Explanation: The main goal of an information security strategic plan is to protect information assets and resources. Developing a risk assessment plan and a data protection […]

Which of the following is a key area of the ISO 27001 framework?

A. Operational risk assessment
B. Financial crime metrics
C. Capacity management
D. Business continuity management
Explanation: Operational risk assessment, financial crime metrics and capacity management can complement the information security framework, but only business continuity management is a key component.

Which of the following would be the BEST metric for the IT risk management process?

A. Number of risk management action plans
B. Percentage of critical assets with budgeted remedial
C. Percentage of unresolved risk exposures
D. Number of security incidents identified
Explanation: Percentage of unresolved risk exposures and the number of security incidents identified contribute to the IT […]

When considering the value of assets, which of the following would give the information security manager the MOST objective basis for measurement of value delivery in information security governance?

A. Number of controls
B. Cost of achieving control objectives
C. Effectiveness of controls
D. Test results of controls
Explanation: Comparison of cost of achievement of control objectives and corresponding […]

An organization without any formal information security program that has decided to implement information security best practices should FIRST:

A. invite an external consultant to create the security strategy.
B. allocate budget based on best practices.
C. benchmark similar organizations.
D. define high-level business security requirements.
Explanation: All four options are valid steps in the process of implementing information […]

In an organization, information systems security is the responsibility of:

A. all personnel.
B. information systems personnel.
C. information systems security personnel.
D. functional personnel.
Explanation: All personnel of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel. Information systems security cannot be the responsibility of information systems personnel […]

What is the MOST important item to be included in an information security policy?

A. The definition of roles and responsibilities
B. The scope of the security program
C. The key objectives of the security program
D. Reference to procedures and standards of the security program
Explanation: Stating the objectives of the security program is the most important element […]

To BEST improve the alignment of the information security objectives in an organization, the chief information security officer (CISO) should:

A. revise the information security program.
B. evaluate a balanced business scorecard.
C. conduct regular user awareness sessions.
D. perform penetration tests.
Explanation: The balanced business scorecard can track the effectiveness of how an organization executes its information security […]

Which of the following controls is MOST effective in providing reasonable assurance of physical access compliance to an unmanned server room controlled with biometric devices?

A. Regular review of access control lists
B. Security guard escort of visitors
C. Visitor registry log at the door
D. A biometric coupled with a PIN
Explanation: A review of access control lists […]

Which of the following is BEST to include in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

A. Estimated reduction in risk
B. Estimated increase in efficiency
C. Projected costs over time
D. Projected increase in maturity level