Topic 1: Governance (Policy, Legal & Compliance)
An organization’s firewall technology needs to be replaced. A specific technology has been selected that is less costly than the alternatives but lacking some important capabilities. The security officer has voiced concerns about breaches of sensitive data, but the decision is made to purchase it. What does this selection indicate?
A.
A high threat environment
B.
A low risk tolerance environment
C.
A low vulnerability environment
D.
A high risk tolerance environment
A high risk tolerance environment
When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?
A.
An independent Governance, Risk and Compliance organization
B.
Alignment of security goals with business goals
C.
Compliance with local privacy regulations
D.
Support from Legal and HR teams
Alignment of security goals with business goals
Which of the following is MOST important when dealing with an Information Security Steering committee?
A.
Include a mix of members from different departments and staff levels.
B.
Ensure that security policies and procedures have been vetted and approved.
C.
Review all past audit and compliance reports.
D.
Be briefed about new trends and products at each meeting by a vendor.
Review all past audit and compliance reports.
Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses personally identifiable information (PII) as part of its business model and processes?
A.
Need to comply with breach disclosure laws
B.
Need to transfer the risk associated with hosting PII data
C.
Need to better understand the risk associated with using PII data
D.
Fiduciary responsibility to safeguard credit card information
Need to better understand the risk associated with using PII data
The Information Security Management program MUST protect:
A.
all organizational assets
B.
critical business processes and/or revenue streams
C.
intellectual property released into the public domain
D.
against distributed denial of service attacks
critical business processes and/or revenue streams
Why is it vitally important that senior management endorse a security policy?
A.
So that they will accept ownership for security within the organization
B.
So that employees will follow the policy directives.
C.
So that external bodies will recognize the organization's commitment to security.
D.
So that they can be held legally accountable.
So that they will accept ownership for security within the organization
How is the exposure factor (EF) of a threat to your organization defined?
A.
Asset value times exposure factor
B.
Annual rate of occurrence
C.
Annual loss expectancy minus current cost of controls
D.
Percentage of loss experienced due to a realized threat event
Percentage of loss experienced due to a realized threat event
A security professional has been promoted to be the CISO of an organization. The first task is to create a security policy for this organization. The CISO creates and publishes the security policy. This policy, however, is ignored and not enforced consistently. Which of the following is the MOST likely reason for the policy shortcomings?
A.
Lack of a formal security awareness program
B.
Lack of a formal security policy governance process
C.
Lack of formal definition of roles and responsibilities
D.
Lack of a formal risk management policy
Lack of a formal security policy governance process
Credit card information, medical data, and government records are all examples of:
A.
Confidential/Protected Information
B.
Bodily Information
C.
Territorial Information
D.
Communications Information
Confidential/Protected Information
Which of the following is considered the MOST effective tool against social engineering?
A.
Anti-phishing tools
B.
Anti-malware tools
C.
Effective Security Vulnerability Management Program
D.
Effective Security awareness program
Effective Security awareness program