An organization recently rolled out a new procurement program that does not include any security requirements. Which of the following should the information security manager do FIRST?

- Conduct security assessments of vendors based on value of annual spend with each vendor.
- Meet with the head of procurement to discuss aligning security with the organization’s operational […]

Which of the following should be an information security manager’s FIRST course of action following a decision to implement a new technology?

- Determine security controls needed to support the new technology.
- Perform a business impact analysis (BIA) on the new technology.
- Perform a return-on-investment (ROI) analysis for the new technology.
- Determine whether the new technology […]

Which of the following should be an information security manager’s PRIMARY role when an organization initiates a data classification process?

- Verify that assets have been appropriately classified.
- Apply security in accordance with specific classification.
- Define the classification structure to be implemented.
- Assign the asset classification level.

The MAIN purpose of documenting information security guidelines for use within a large, international organization is to:

- ensure that all business units have the same strategic security goals.
- provide evidence for auditors that security practices are adequate.
- explain the organization’s preferred practices for security.
- ensure that all business units implement identical security procedures.

Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?

- Make the provider accountable for security and compliance
- Perform continuous gap assessments
- Include audit rights in the service level agreement (SLA)
- Implement compensating controls

Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements?

- Grant authorization to individual systems as required with the approval of information security management.
- Require managers of new hires to be responsible for account setup and access during employee orientation.
- […]

An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager’s MOST important action in support of this initiative?

- Calculate security implementation costs.
- Evaluate service level agreements (SLAs).
- Provide cloud security requirements.
- Review cloud provider independent assessment reports.

Which of the following methods should a security professional recommend to erase the data on magnetic media that will be reused by another employee?

- Degaussing
- Overwrite every sector of the magnetic media with a pattern of 1’s and 0’s
- Format the magnetic media
- Delete the file allocation table

Explanation: Software tools can provide object reuse assurance. These […]

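The overwrite option above is the one that can be illustrated in software. The following is an added example, not code from the original page: it overwrites every byte of a file with a sequence of fixed bit patterns and a final random pass, forces the data through the OS cache with fsync, and reads each pass back to verify that what landed on disk is what was written. The pass list, chunk size and the temporary file used by demo() are constructed for the example and do not correspond to any specific sanitization standard; on a real drive the same loop would be pointed at the block device rather than a file, which requires administrative rights and is destructive.

```python
"""Multi-pass overwrite of a file with read-back verification.

Added illustration of the "overwrite every sector" option. The patterns
below are an assumption chosen to mirror the question's wording (a pass of
all 0 bits, all 1 bits, two alternating patterns, then random data); they are
not taken from any standard. A value of None means "random bytes".
"""
import hashlib
import os
import tempfile

CHUNK = 64 * 1024  # bytes written/verified per step (constructed choice)
PASSES = [b"\x00", b"\xff", b"\x55", b"\xaa", None]


def _chunks(size):
    """Yield (offset, length) pairs covering exactly `size` bytes."""
    off = 0
    while off < size:
        n = min(CHUNK, size - off)
        yield off, n
        off += n


def overwrite_file(path, passes=PASSES):
    """Overwrite every byte of `path` once per pass and verify each pass.

    Returns the number of passes that were written and verified. Raises
    IOError if a read-back does not match what was written, which is the
    signal a practitioner would want before handing the media to someone else.
    """
    size = os.path.getsize(path)
    verified = 0
    for pattern in passes:
        digests = []
        with open(path, "r+b") as fh:
            for _, n in _chunks(size):
                block = os.urandom(n) if pattern is None else pattern * n
                # Keep a digest per chunk so the random pass can be verified
                # without holding the whole random stream in memory.
                digests.append(hashlib.sha256(block).digest())
                fh.write(block)
            fh.flush()
            os.fsync(fh.fileno())  # push past the page cache before reading back
        with open(path, "rb") as fh:
            readback = [hashlib.sha256(fh.read(n)).digest() for _, n in _chunks(size)]
        if readback != digests:
            raise IOError("read-back verification failed on pass %d" % (verified + 1))
        verified += 1
    return verified


def demo():
    """Create a temp file with constructed 'sensitive' content, wipe it, report."""
    secret = b"payroll-export-row;" * 4000  # constructed sample content
    fd, path = tempfile.mkstemp()
    try:
        os.write(fd, secret)
        os.close(fd)
        passes = overwrite_file(path)
        with open(path, "rb") as fh:
            after = fh.read()
        return {
            "passes": passes,
            "size_unchanged": len(after) == len(secret),
            "secret_gone": secret[:19] not in after,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

Two caveats matter in practice. First, a file-level overwrite only reaches the blocks the filesystem currently maps to that file; journal copies, snapshots, slack space and sectors a drive has remapped as bad are not touched, so media-level sanitization works against the whole device, not a path. Second, the read-back check above proves the write reached the device's logical blocks, which is meaningful for magnetic disks but not for SSDs, where wear-levelling can leave stale copies in physical cells the host cannot address; there the drive's own secure-erase command is the appropriate tool. Degaussing, by contrast, destroys the servo tracks on modern hard drives along with the data, so a degaussed disk is not reusable.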
Which of the following Confidentiality, Integrity, Availability (CIA) attributes supports the principle of least privilege by providing access to information only to authorized and intended users?

- Confidentiality
- Integrity
- Availability
- Accuracy

Explanation: Confidentiality supports the principle of “least privilege” by providing that only authorized individuals, processes, or systems should have access to information on a need-to-know […]