An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST? Conduct security assessments of vendors based on value of annual spend with each vendor. Meet with the head of procurement to discuss aligning security with the organization’s operational […]
Which of the following defines the minimum security requirements that a specific system must meet?
Which of the following defines the minimum security requirements that a specific system must meet? Security policy Security guideline Security procedure Security baseline
Which of the following should be an information security manager’s FIRST course of action following a decision to implement a new technology?
Which of the following should be an information security manager’s FIRST course of action following a decision to implement a new technology? Determine security controls needed to support the new technology. Perform a business impact analysis (BIA) on the new technology. Perform a return-on-investment (ROI) analysis for the new technology. Determine whether the new technology […]
Which of the following should be an information security manager’s PRIMARY role when an organization initiates a data classification process?
Which of the following should be an information security manager’s PRIMARY role when an organization initiates a data classification process? Verify that assets have been appropriately classified. Apply security in accordance with specific classification. Define the classification structure to be implemented. Assign the asset classification level.
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:
The MAIN purpose of documenting information security guidelines for use within a large, international organization is to: ensure that all business units have the same strategic security goals. provide evidence for auditors that security practices are adequate. explain the organization’s preferred practices for security. ensure that all business units implement identical security procedures.
Which of the following is the BEST course of action for an information security manager to align security and business goals?
Which of the following is the BEST course of action for an information security manager to align security and business goals? Defining key performance indicators (KPIs) Actively engaging with stakeholders Reviewing the business strategy Conducting a business impact analysis (BIA)
Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?
Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process? Make the provider accountable for security and compliance Perform continuous gap assessments Include audit rights in the service level agreement (SLA) Implement compensating controls
Which of the following is MOST important to building an effective information security program?
Which of the following is MOST important to building an effective information security program? Information security architecture to increase monitoring activities Management support for information security Relevant and timely content included in awareness programs Logical access controls for information systems
Which of the following has the GREATEST impact on efforts to improve an organization’s security posture?
Which of the following has the GREATEST impact on efforts to improve an organization’s security posture? Supportive tone at the top management regarding security Well-documented security policies and procedures Regular reporting to senior management Automation of security controls
Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements?
Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements? Grant authorization to individual systems as required with the approval of information security management. Require managers of new hires be responsible for account setup and access during employee orientation. […]
An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager’s MOST important action in support of this initiative?
An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager’s MOST important action in support of this initiative? Calculate security implementation costs. Evaluate service level agreements (SLAs). Provide cloud security requirements. Review cloud provider independent assessment reports.
Which of the following MUST be established before implementing a data loss prevention (DLP) system?
Which of the following MUST be established before implementing a data loss prevention (DLP) system? Privacy impact assessment A data backup policy Data classification A data recovery policy
Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system?
Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system? Availability Data segregation Audit monitoring Authentication
Which of the following methods should a security professional recommend to erase the data on magnetic media that will be reused by another employee?
Which of the following methods should a security professional recommend to erase the data on magnetic media that will be reused by another employee? Degaussing Overwrite every sector of the magnetic media with a pattern of 1’s and 0’s Format the magnetic media Delete the file allocation table Explanation: Software tools can provide object reuse assurance. These […]
Which of the following Confidentiality, Integrity, Availability (CIA) attributes supports the principle of least privilege by providing access to information only to authorized and intended users?
Which of the following Confidentiality, Integrity, Availability (CIA) attributes supports the principle of least privilege by providing access to information only to authorized and intended users? Confidentiality Integrity Availability Accuracy Explanation: Confidentiality supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know […]