Which of the following is a PRIMARY responsibility of the information security goxernance function?
A user reports a stolen personal mobile device that stores sensitive corporate data. Which of the following will BEST minimize the risk of data exposure?
What should be an information security manager ' s FIRST step when developing a business case for a new intrusion detection system (IDS) solution?
Which of the following is the PRIMARY reason to regularly update business continuity and disaster recovery documents?
Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?
Which of the following BEST illustrates residual risk within an organization?
From an information security perspective, legal issues associated with a transborder flow of technology-related items are MOST often
Which of the following is the GREATEST benefit of performing a tabletop exercise of the business continuity plan (BCP)?
Information security controls should be designed PRIMARILY based on:
Following a breach where the risk has been isolated and forensic processes have been performed, which of the following should be done NEXT?
Which of the following processes BEST supports the evaluation of incident response effectiveness?
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following is MOST important to ensuring that incident management plans are executed effectively?
Which of the following should be the FIRST step in developing an information security strategy?
Which of the following should be done FIRST to prioritize response to incidents?
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
An information security manager is alerted to multiple security incidents across different business units, with unauthorized access to sensitive data and potential data exfiltration from critical systems. Which of the following is the BEST course of action to appropriately classify and prioritize these incidents?
Which of the following would be MOST helpful when creating information security policies?
Which of the following BEST indicates the effectiveness of the vendor risk management process?
A project team member notifies the information security manager of a potential security risk that has not been included in the risk register. Which of the following should the information security manager do FIRST?