To help ensure that an information security training program is MOST effective, its contents should be:
Which of the following is MOST important to have in place as a basis for developing an effective information security program that supports the organization's business goals?
To support effective risk decision making, which of the following is MOST important to have in place?
Which of the following change management procedures is MOST likely to cause concern to the information security manager?
Management decisions concerning information security investments will be MOST effective when they are based on:
The PRIMARY objective of a post-incident review of an information security incident is to:
Which of the following is MOST important to include in monthly information security reports to the board?
Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization’s information security program?
An organization has identified an increased threat of external brute force attacks in its environment. Which of the following is the MOST effective way to mitigate this risk to the organization's critical systems?
An organization plans to offer clients a new service that is subject to regulations. What should the organization do FIRST when developing a security strategy in support of this new service?
Which of the following should be the PRIMARY objective of the information security incident response process?
Which of the following is the FIRST step to establishing an effective information security program?
Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?
Which of the following is the MOST critical factor for information security program success?
An intrusion has been detected and contained. Which of the following steps represents the BEST practice for ensuring the integrity of the recovered system?
Which of the following BEST enables the integration of information security governance into corporate governance?
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?
An organization's marketing department wants to use an online collaboration service, which is not in compliance with the information security policy. A risk assessment is performed, and risk acceptance is being pursued. Approval of risk acceptance should be provided by:
To overcome the perception that security is a hindrance to business activities, it is important for an information security manager to:
The MOST important reason for having an information security manager serve on the change management committee is to:
Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
Which of the following BEST ensures timely and reliable access to services?
An organization is close to going live with the implementation of a cloud-based application. Independent penetration test results have been received that show a high-rated vulnerability. Which of the following would be the BEST way to proceed?
Which of the following BEST facilitates the effective execution of an incident response plan?
Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
Which of the following roles is BEST able to influence the security culture within an organization?
During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
Which of the following is the BEST evidence of alignment between corporate and information security governance?
Which of the following is the PRIMARY role of an information security manager in a software development project?
IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant controls are applied to a project?
The effectiveness of an information security governance framework will BEST be enhanced if:
Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?
Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
Which of the following is the BEST method to ensure compliance with password standards?
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
Which of the following is MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?
Due to changes in an organization's environment, security controls may no longer be adequate. What is the information security manager's BEST course of action?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
What should be an information security manager's MOST important consideration when developing a multi-year plan?
An organization is aligning its incident response capability with a public cloud service provider. What should be the information security manager's FIRST course of action?
An organization has received complaints from users that some of their files have been encrypted. These users are receiving demands for money to decrypt the files. Which of the following would be the BEST course of action?
Which of the following would BEST help to ensure appropriate security controls are built into software?