How would the information security program BEST support the adoption of emerging technologies?
Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?
Management decisions concerning information security investments will be MOST effective when they are based on:
Which of the following should be an information security manager ' s FIRST course of action when a potential business breach is discovered in a critical business system?
Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?
The manager of a key project has bypassed the standard contractor onboarding process to acquire additional resources for delivering the project on time. Contracts were executed offline, and contractors were provided organizational access without going through the standard due diligence process. Which of the following should be the PRIMARY concern?
Which of the following is the FIRST step in developing a business continuity plan (BCP)?
Which of the following will BEST facilitate the integration of information security governance into enterprise governance?
Which of the following is MOST appropriate to communicate to senior management regarding information risk?
When collecting admissible evidence, which of the following is the MOST important requirement?
An information security manager has learned of an increasing trend in attacks that use phishing emails impersonating an organization ' s CEO in an attempt to commit wire transfer fraud. Which of the following is the BEST way to reduce the risk associated with this type of attack?
Which of the following should have the MOST influence on an organization ' s response to a new industry regulation?
An organization recently outsourced the development of a mission-critical business application. Which of the following would be the BEST way to test for the existence of backdoors?
For which of the following is it MOST important that system administrators be restricted to read-only access?
Which of the following is the PRIMARY reason to review the firewall logs when an external network-based attack is reported by the intrusion detection system (IDS)?
Which of the following should be the PRIMARY basis for the development of a business case to obtain support for an information security project?
An organization recently updated and published its information security policy and standards. What should the information security manager do NEXT?
An organization would like to invest in a new emerging technology. Which of the following is MOST important for the information security manager to consider when evaluating its impact?
An organization has an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager ' s BEST course of action?
Which of the following BEST helps to ensure risk appetite is considered during the risk treatment process?