A proposal designed to gain buy-in from senior management for a new security project will be MOST effective if it includes:
Threat and vulnerability assessments are important PRIMARILY because they are:
A risk assessment exercise has identified the threat of a denial of service (DoS) attack Executive management has decided to take no further action related to this risk. The MO ST likely reason for this decision is
Which of the following is the BEST way to align security and business strategies?
When developing an asset classification program, which of the following steps should be completed FIRST?
An incident response team recently encountered an unfamiliar type of cyber event. Though the team was able to resolve the issue, it took a significant amount of time to identify. What is the BEST way to help ensure similar incidents are identified more quickly in the future?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization ' s intrusion detection systems (IDSs)?
Which of the following BEST supports effective and timely incident response?
For the information security manager, integrating the various assurance functions of an organization is important PRIMARILY to enable:
Which of the following is the BEST defense against a brute force attack?
Which of the following should be the PRIMARY focus of a lessons learned exercise following a successful response to a cybersecurity incident?
An organization is outsourcing a business function to an external vendor. Which of the following BEST enables management to ensure the vendor continuously complies with security requirements stated in the master contract?
Which of the following is MOST important to the effectiveness of an information security steering committee?
What is the PRIMARY role of the information security program?
A business impact analysis (BIA) BEST enables an organization to establish:
An information security manager has been made aware of a new data protection regulation that will soon go into effect. Which of the following is the BEST way to manage the risk of noncompliance?
Which of the following BEST protects against emerging advanced persistent threat (APT) actors?
Which of the following is MOST important to verify during a test of an organization’s incident response process?
When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to: