
Cism text-2
291 Questions

Created by @BeneficialSagacity1258

Questions and Answers

What is the PRIMARY purpose for continuous monitoring of security controls?

  • Alignment with compliance requirements is maintained
  • Effectiveness of controls is evaluated (correct)
  • Control gaps are minimized
  • System availability is ensured

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

  • Assigning restoration priority during incidents (correct)
  • Evaluating vendors critical to business recovery
  • Calculating residual risk after the incident recovery phase
  • Determining total cost of ownership (TCO)

Which of the following is MOST important to communicate with regard to open items from the risk register to senior management?

  • Potential business impact (correct)
  • Compensating controls
  • Key risk indicators (KRIs)
  • Responsible entities

An organization's information security manager is performing a post-incident review. Which of the following could have been prevented by conducting regular incident response testing?

    Ignored alert messages

What is the BEST way to ensure an organization's disaster recovery plan can be carried out in an emergency?

    Require disaster recovery documentation be stored with all key decision makers

What is the MOST effective way to help staff members understand their responsibilities for information security?

    Require staff to participate in information security awareness training

What is the MOST helpful approach for properly scoping a security assessment of an existing vendor?

    Review controls listed in the vendor contract

What will BEST facilitate the integration of information security governance into enterprise governance?

    Establishing an information security steering committee

When remote access to confidential information is granted to a vendor for analytic purposes, what is the MOST important security consideration?

    The vendor must agree to the organization's information security policy

What should be the PRIMARY basis for determining the value of assets?

    Business cost when assets are not available

What is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

    Implement a mobile device management (MDM) solution

What should the information security manager's FIRST step be to ensure the security policy framework encompasses a new business model?

    Perform a gap analysis

What is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

    Organizational tolerance to service interruption

What is the BEST approach to incident response for an organization migrating to a cloud-based solution?

    Revise incident response procedures to encompass the cloud environment

What should be the PRIMARY basis for a severity hierarchy for information security incident classification?

    Adverse effects on the business

Why should spoofing be prevented?

    Gain illegal entry to a secure system by faking the sender's address

What is the best approach to identify risks associated with a social engineering attack?

    Testing user knowledge of information security practices

What most effectively enables information security governance?

    A balanced scorecard

What should be the first step when an online bank identifies a network attack in progress?

    Isolate the affected network segment

What is the most important aspect to include in a report to key stakeholders regarding the effectiveness of an information security program?

    Security metrics

What best enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

    Embedding compliance requirements within operational processes

What demonstrates the added value of an information security program most effectively?

    A balanced scorecard

What is the most important consideration when determining which type of failover site to employ?

    Recovery time objectives (RTOs)

What best enables an organization to enhance its incident response plan processes and procedures?

    Lessons learned analysis

What are the main topics covered in the text?

    Risk assessment, incident response, change management, security awareness, disaster recovery, and data protection

What is the most likely reason for executive management to decide not to take further action related to the threat of a denial of service (DoS) attack?

    The cost of implementing controls exceeds potential financial losses

What does the text emphasize about involving key stakeholders?

    In risk assessment, incident response planning, and security governance

What is the most effective course of action when dealing with employees utilizing free cloud storage services to store company data through their mobile devices?

    Assess the business need to provide a secure solution

What does the text stress the importance of in managing information security incidents, change management, and disaster recovery?

    Clear documentation, communication, and coordination

What is the best use of security metrics?

    To determine the maturity of an information security program

What does the text underscore the significance of in aligning security with business goals?

    Conducting business impact analysis and integrating information security governance into corporate governance

What is most important for the information security manager to confirm when relying on a potential vendor's certification for international security standards?

    The certification scope is relevant to the service being offered

What does the text stress the importance of in evaluating security metrics, incident response tests, and reported security incidents?

    Senior leadership involvement

What is the primary focus of information security management according to the text?

    Involving key stakeholders and aligning security with business goals

What is highlighted as essential for managing information security incidents, change management, and disaster recovery?

    Clear documentation, communication, and coordination

What does the text stress the need for in protecting data and establishing effective incident management procedures and policies?

    Prioritizing recovery of services

What is emphasized as significant in evaluating security metrics, incident response tests, and reported security incidents?

    Senior leadership involvement

What does the text stress the importance of aligning with business goals and integrating into corporate governance?

    Information security governance

What is highlighted as essential for involving key stakeholders and managing information security incidents?

    Risk assessment and incident response planning

What is stressed as the need for clear documentation, communication, and coordination in managing information security incidents?

    Clear documentation, communication, and coordination

What is the BEST way to reduce the impact of a successful ransomware attack?

    Perform frequent backups and store them offline

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

    Identify critical business functions and processes

Which of the following processes BEST supports the evaluation of incident response effectiveness?

    Post-incident review

To help ensure that an information security training program is MOST effective, its contents should be:

    Focused on employees' roles

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

    An information security dashboard

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

    Review and update existing security policies

Which of the following is the BEST option to lower the cost to implement application security controls?

    Integrate security activities within the development process

Which of the following is the FIRST step to establishing an effective information security program?

    Create a business case

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

    Regulatory requirements

Which of the following is MOST effective in monitoring an organization's existing risk?

    Security information and event management (SIEM) systems

Which of the following would BEST justify continued investment in an information security program?

    Reduction in residual risk

Which of the following has the GREATEST influence on an organization's information security strategy?

    The organization's risk tolerance

What is the primary responsibility of an information security manager when implementing company-owned mobile devices?

    Review and update existing security policies

What is the best metric to measure the effectiveness of an organization's information security program?

    Return on information security investment

What is the first step an information security manager should take when creating an organization's disaster recovery plan (DRP)?

    Conduct a business impact analysis (BIA)

What is the best basis for determining the allocation of resources during a security incident response?

    Defined levels of severity

What is the most helpful for protecting an enterprise from advanced persistent threats (APTs)?

    Defined security standards

What is the best process to evaluate incident response effectiveness?

    Post-incident review

What should be the primary basis for a severity hierarchy for information security incident classification?

    Defined levels of severity

What is the first step to establishing an effective information security program?

    Create a business case

What is the best option to lower the cost of implementing application security controls?

    Integrating security activities within the development process

What is the best approach to lower the cost of implementing application security controls?

    Integrating security activities within the development process

What is the best approach for an effective information security training program?

    Base it on employees' roles for maximum impact

What should an information security manager do to promote the relevance and contribution of security?

    Overcome the perception that security is a hindrance to business activities

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

    Red team exercise

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

    Determine recovery priorities

What is MOST important to include in an information security status report for management?

    Key risk indicators (KRIs)

A post-incident review identified that user error resulted in a major breach. What is MOST important to determine during the review?

    The underlying reason for the user error

What is the primary focus of the questions related to information security management?

    Testing knowledge and understanding of best practices and strategies

Which of the following actions do the questions emphasize the importance of in the context of information security management?

    Strategic decision-making

What is the primary purpose of the questions related to incident response and evidence maintenance?

    To prioritize and take the first steps in various security-related scenarios

What do the questions require understanding the significance of in the context of information security management?

    Risk assessment and change management controls

What do the questions stress the importance of in managing information security incidents, change management, and disaster recovery?

    Strategic decision-making and alignment of security initiatives

What is the main focus of the questions related to addressing security challenges in an organization?

    Strategic decision-making and gaining senior management approval

What is the primary responsibility emphasized in the questions for an information security manager when implementing company-owned mobile devices?

    Maintaining evidence and addressing concerns related to intrusion prevention

What is highlighted as essential for involving key stakeholders and managing information security incidents?

    Strategic decision-making and alignment of security initiatives

What is the most important aspect to include in a report to key stakeholders regarding the effectiveness of an information security program?

    Strategic alignment of security initiatives

What is the best approach for an effective information security training program according to the questions?

    Strategic decision-making and alignment of security initiatives

What demonstrates the added value of an information security program most effectively according to the questions?

    Strategic decision-making and alignment of security initiatives

What is emphasized as significant in evaluating security metrics, incident response tests, and reported security incidents according to the questions?

    Strategic decision-making and alignment of security initiatives

What is the primary benefit of maintaining an information security governance framework?

    Reducing unnecessary duplication of compliance activities

What is the primary reason to perform regular reviews of the cybersecurity threat landscape?

    Comparing emerging trends with existing security posture

What is the best approach to reduce unnecessary duplication of compliance activities?

    Standardization of compliance requirements

What is the primary benefit of effective risk decision making?

    Establishment of risk domains

What is the primary benefit of aligning information security governance with corporate governance?

    Managing business risks to an acceptable level

What is the primary reason for an organization to suspend data exchange with a provider and notify regulatory authorities of a breach?

    Ensuring regulatory compliance

What is the primary benefit of including the disaster recovery communication plan in an outsourcing agreement for disaster recovery activities?

    Managing business risks to an acceptable level

What is the best evidence of alignment of information security governance with corporate governance?

    Average return on investment (ROI) associated with security initiatives

What is the primary purpose of introducing a single point of administration in network monitoring according to the text?

    To streamline and improve control of the environment

What is the best course of action when a cloud application used by an organization is found to have a serious vulnerability?

    Report the situation to the business owner of the application

What is the best way to monitor for advanced persistent threats (APT) in an organization according to the text?

    Searching for anomalies in the environment

What is the most effective way to ensure an organization's disaster recovery plan can be carried out in an emergency according to the text?

    Conducting quarterly disaster recovery drills

What is the best indication of an effective information security awareness training program according to the text?

    An increase in the identification rate during phishing simulations

What is the most important consideration when developing an information security strategy according to the text?

    Input from process owners

What is the best way to determine asset valuation according to the text?

    Considering potential business loss

What is the first step in developing an information security strategy according to the text?

    Performing a gap analysis based on the current state

What is the best approach to lower the cost of implementing application security controls according to the text?

    Automating the implementation process

What is the primary objective of performing a post-incident review?

    To identify the root cause

What is the best technical defense against unauthorized access through social engineering?

    Requiring multi-factor authentication

What is the best evidence of alignment between corporate and information security governance?

    Senior management sponsorship

What is the primary concern for a multinational organization's CISO?

    Developing a security program that meets global and regional requirements

What is the best reason to conduct social engineering in a call center?

    To identify candidates for additional security training

What is the best course of action for an information security manager in response to users sharing a login account in violation of access policy?

    Present the risk to senior management

What must be defined for an information security manager to evaluate the appropriateness of controls currently in place?

    Security policy

What is the greatest concern from a penetration test showing vulnerabilities in an organization's external web application?

    Exploit code for one of the vulnerabilities being publicly available

When deciding the level of protection for an information asset, what provides the MOST guidance?

    Impact to business function

What is the BEST indication of information security strategy alignment with the organization's?

    Number of business objectives directly supported by information security initiatives

Which analysis will BEST identify the external influences to an organization's information security?

    Threat analysis

What is the MOST important detail to capture in an organization's risk register?

    Risk ownership

What is the most appropriate role to determine access rights for specific users of an application?

    System administrator

What is the best evidence to senior management that security control performance has improved?

    Reduction in reported security incidents

What is the best course of action when an online company discovers a network attack in progress?

    Isolate the affected network segment

What is the best tool to monitor the effectiveness of information security governance?

    Balanced scorecard

During the initiation phase of the system development life cycle (SDLC) for a software project, what should information security activities address?

    Baseline security controls

What is the most important element in achieving executive commitment to an information security governance program?

    Identified business drivers

What is the best course of action to minimize the risk of data exposure from a stolen personal mobile device?

    Wipe the device remotely

For aligning security operations with the IT governance framework, what is most helpful?

    A security operations program

What are recovery time objectives (RTOs) an output of?

    Business impact analysis (BIA)

What is the primary objective of performing a post-incident review?

    Identify the root cause

What is the reason for having an information security manager serve on the change management committee?

    To advise on change-related risk

What is the main purpose of senior management review and approval of an information security strategic plan?

    To ensure the plan aligns with corporate governance

What is the most important consideration when confirming a third-party provider's compliance with an organization's information security requirements?

    Ensuring the right to audit is included in the service level agreement (SLA)

How should an organization effectively manage emerging cyber risk?

    By implementing cybersecurity policies

What is the contribution of recovery point objective (RPO) to disaster recovery?

    To define backup strategy

What is the most effective way to help ensure procurement decisions consider information security concerns when an organization increasingly uses Software as a Service (SaaS)?

    Integrating information security risk assessments into the procurement process

What provides the most comprehensive insight into ongoing threats facing an organization?

    The risk register

What is the best way to communicate the effectiveness of an information security governance framework to stakeholders?

    Establishing metrics for each milestone

What is the most important aspect of developing a categorization method for security incidents?

    Ensuring the categories have agreed-upon definitions

What would be most useful to help senior management understand the status of information security compliance?

    Key performance indicators (KPIs)

What is the best risk treatment option to limit the risk exposure to the business when a legacy application cannot be patched?

    Implementing a firewall in front of the legacy application

What should be the first action when notified of a new vulnerability affecting key data processing systems?

    Re-evaluating the risk

What is the best way to ensure the capability to restore clean data after a ransomware attack?

    Maintaining multiple offline backups

What is the primary focus of information security controls according to the text?

    Preventing unauthorized access to sensitive information

What is the best approach for managing user access permissions to ensure alignment with data classification?

    Reviewing access permissions annually or whenever job responsibilities change

What is the primary reason to monitor key risk indicators (KRIs) related to information security?

    To benchmark control performance

What is the best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

    A parallel test

What is the first step when creating an inventory of systems where personal data is stored for a new data protection program?

    Creating an inventory of systems where personal data is stored

What should the information security manager first determine when providing updates about a security incident to different audiences?

    The needs and requirements of each audience

What is the most common legal issue associated with a transborder flow of technology-related items?

    Related to encryption tools and personal data

What enhances the likelihood of secure handling of information according to security classification?

    Labeling information according to security classification

What should the security manager include in regular metrics to help senior management understand the risk?

    Impact of security risks

What is the best basis for determining the allocation of resources during a security incident response?

    Impact of the security incident

What is the most effective information security training program based on?

    Employees' roles

What is the best approach for effective information security governance according to the text?

    Integration with corporate governance

What should the information security manager focus on when aligning a security awareness program with the organization's business strategy?

    People and culture

What is the best action to mitigate the risk of theft of tablets containing critical business data?

    Conducting a mobile device risk assessment

What is the strongest justification for granting an exception to the policy of disabling access to USB storage devices?

    The benefit is greater than the potential risk

What is the primary goal of the eradication phase in an incident response process?

    Removing the threat and restoring affected systems

What should the information security manager primarily focus on when developing an RFP for a new outsourced service?

    Defining security requirements for the process being outsourced

What has the greatest influence on the successful implementation of information security strategy goals?

    Management support

What is the most effective way to demonstrate alignment of information security strategy with business objectives?

    Using a balanced scorecard

What is the primary basis for information security strategy according to the text?

    Organization's vision and mission

What should the security manager do when senior management accepts the risk of noncompliance?

    Update details in the risk register

What should the security manager do if the organization plans to use social networks for promotion?

    Assess security risks

What should the incident response team document during the eradication phase of an incident response process?

    Actions required to remove the threat

What should information security be aligned with to optimize security risk management according to the text?

    Organization's strategy

What is the GREATEST benefit of information asset classification?

    Providing a basis for implementing a need-to-know policy

Before classifying a suspected event as a security incident, what is the MOST important for the security manager to do?

    Notify the business process owner

What should the information security manager do to address security risks not being treated in a timely manner?

    Re-perform risk analysis at regular intervals

Which provides the BEST assurance that security policies are applied across business operations?

    Organizational standards are documented in operational procedures

What should an organization FIRST do when developing a security strategy for a new service?

    Perform a gap analysis against the current state

What should an information security manager do FIRST when aligning incident response capability with a public cloud service provider?

    Update the incident escalation process

What should an information security manager do prior to conducting a forensic examination?

    Create an image of the original data on new media

    What is the PRIMARY purpose of creating security policies?

    <p>Communicate management's security expectations</p> Signup and view all the answers

    What is the BEST method to protect against emerging advanced persistent threat (APT) actors?

    <p>Implementing proactive systems monitoring</p> Signup and view all the answers

    What is the PRIMARY advantage of performing black-box control tests as opposed to white-box control tests?

    <p>They simulate real-world attacks</p> Signup and view all the answers

    What is the BEST step to address a lost smartphone containing sensitive information?

    <p>Remotely wipe the device</p> Signup and view all the answers

    What will result in the MOST accurate controls assessment?

    <p>Senior management support</p> Signup and view all the answers

    What backup method requires the MOST time to restore data for an application?

    <p>Full backup</p> Signup and view all the answers

    What should an information security manager do FIRST upon learning of a major emerging threat?

    <p>Validate the relevance of the information</p> Signup and view all the answers

    What is the PRIMARY purpose of an organization's quality process in supporting security management?

    <p>Providing assurance that security requirements are met</p> Signup and view all the answers

    What should an organization do to remain operational during a disaster?

    <p>Invoke the Business Continuity Plan (BCP)</p> Signup and view all the answers

    Who is primarily accountable for the associated task within the organization when a lead security engineer identifies a major security vulnerability at the primary cloud provider?

    <p>Chief Information Security Officer (CISO)</p> Signup and view all the answers

    What is the most important requirement for a successful security program?

    <p>Management decision on asset value</p> Signup and view all the answers

    What is the best way to achieve compliance with new global regulations related to protection of personal information?

    <p>Determining current and desired state of controls</p> Signup and view all the answers

    What is the primary determination by asset classification?

    <p>Level of protection required for assets</p> Signup and view all the answers

    What is most important for the effective implementation of an information security governance program?

    <p>Program goals communicated and understood by the organization</p> Signup and view all the answers

    What has the most influence on the inherent risk of an information asset?

    <p>Business criticality</p> Signup and view all the answers

    What is most important to ensure when developing escalation procedures for an incident response plan?

    Contact list is regularly updated

    What is most important for an information security manager to verify when selecting a third-party forensics provider?

    Technical capabilities of the provider

    What should information security's response be when an employee has clicked a link in a phishing email, triggering a ransomware attack?

    Isolate the impacted endpoints

    What is the best practice for ensuring the integrity of the recovered system after an intrusion has been detected and contained?

    Restore the OS, patches, and application from a backup

    What is the primary purpose of a post-incident review of an information security incident?

    To prevent recurrence and improve incident response

    What is the most important factor in increasing the effectiveness of incident responders?

    Testing response scenarios to improve preparedness

    What is the primary benefit of implementing a vulnerability assessment process?

    Enhancing threat management and aiding in proactive risk management

    What is the first step when implementing a security program?

    Performing a risk analysis to identify security vulnerabilities

    What is the best approach to ensure compliance with information security policy for a new application?

    Review the security of the application before implementation

    What is the best course of action when an organization receives complaints about encrypted files and demands for money?

    Isolate the affected systems

    What is the most important consideration when establishing an organization's information security governance committee?

    Ensuring comprehensive representation from functions across the organization

    What is indicated when business needs are met within the stated recovery time objectives (RTOs)?

    Effective testing of business continuity and disaster recovery plans

    What is the primary objective of a post-incident review of an information security incident?

    To prevent recurrence and improve incident response

    What is the primary responsibility emphasized in the text for an information security manager when responding to a ransomware attack?

    Ensure the business can operate

    Who should be responsible for calculating Business Impact Analysis (BIA) recovery time and cost estimates according to the text?

    The business process owner

    What is the best way to determine if an information security profile is aligned with business requirements according to the text?

    Review security-related key risk indicators (KRIs)

    What is the most important aspect for building a robust information security culture within an organization according to the text?

    Senior management approval of information security policies

    Who is in the best position to evaluate business impacts according to the text?

    The business process owner

    What should a newly hired information security manager tasked with developing and implementing an information security strategy find most useful according to the text?

    The organization's mission statement and roadmap

    What is the most important consideration when incorporating media communication procedures into the security incident communication plan according to the text?

    Include a single point of contact within the organization

    What is the primary responsibility of a privileged access management (PAM) system according to the text?

    Enable regulatory compliance for employee account privilege removal

    What is the most important step before classifying a suspected event as a security incident according to the text?

    Notify the business process owner

    What is the most important aspect for the information security manager in a rapidly changing environment according to the text?

    Ensure periodic review of information security risk acceptance rationale

    What is the primary responsibility of the information security manager to enable regulatory compliance for employee account privilege removal according to the text?

    Implement a privileged access management (PAM) system

    What is most helpful in determining the criticality of an organization's business functions according to the text?

    Business impact analysis (BIA)

    What is the BEST way for an information security manager to ensure compliance with industry standards by a service provider?

    An independent review report indicating compliance with industry standards

    What is the PRIMARY role of an information security manager in a software development project?

    To enhance awareness for secure software design

    What is an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

    Inconsistent device security

    When collecting admissible evidence, what is the MOST important requirement?

    Chain of custody

    What is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

    Monitor the effectiveness of controls

    Which of the following is the PRIMARY benefit of an information security awareness training program?

    Influencing human behavior

    What is the MOST important detail to capture in an organization's risk register?

    Risk ownership

    Which of the following is the MOST critical factor for information security program success?

    The information security manager's knowledge of the business

    Which of the following is the BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

    Assess the risk to the organization

    What is the PRIMARY advantage of single sign-on (SSO)?

    Increase efficiency of access management

    Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

    Digital encryption

    Reevaluation of risk is MOST critical when there is:

    A change in the threat landscape

    Which of the following should be the MOST important consideration of business continuity management?

    Ensuring human safety

    What is the PRIMARY advantage of performing black-box control tests as opposed to white-box control tests?

    Simulating the perspective of an external attacker

    Which of the following is the MOST important detail to capture in an organization's risk register?

    Risk ownership

    Which of the following is the BEST course of action to prevent further damage when an information security manager has been notified about a compromised endpoint device?

    Isolate the endpoint device

    What is the primary focus when developing a business case for a new intrusion detection system?

    Defining the issues to be addressed

    What is the best method to ensure compliance with password standards?

    Automated enforcement of password syntax rules

    What is the most important aspect of ensuring information stored by an organization is protected appropriately?

    Assigning information asset ownership

    What is the best way to ensure organizational support for the implementation of security controls?

    Establishing effective stakeholder relationships

    What is the best justification for making a revision to a password policy?

    A risk assessment

    What is the primary focus of the information security manager when a risk owner accepts a large amount of risk due to high cost of controls?

    Establishing a strong ongoing risk monitoring process

    What is the first consideration when moving to a cloud-based model?

    Data classification

    What greatly reduces security administration efforts?

    Role-based access control

    What is the primary focus of the text's multiple-choice questions related to information security management?

    Addressing security challenges within an organization

    What does the text emphasize about the preparation of incident response teams?

    Highlighting the need for diverse skill sets and effective communication

    What is highlighted as essential for managing information security incidents, change management, and disaster recovery?

    Proper management and effective recovery planning

    What is the main purpose of senior management review and approval of an information security strategic plan?

    To demonstrate commitment to security

    What is the primary benefit of aligning information security governance with corporate governance?

    Enhancing overall organizational governance

    What does the text stress the importance of in protecting data and establishing effective incident management procedures and policies?

    Proactive protection and effective incident management

    What is the best approach for an effective information security training program?

    Tailoring training to specific job roles and including real-life examples

    What is the primary responsibility emphasized in the questions for an information security manager when implementing company-owned mobile devices?

    Ensuring proper security measures for company-owned mobile devices

    What is the most important aspect of developing a categorization method for security incidents?

    Ensuring clear and effective incident classification

    What is the primary benefit of maintaining an information security governance framework?

    Enhancing overall organizational governance

    What is the best technical defense against unauthorized access through social engineering?

    Implementing robust access controls

    What is the primary benefit of implementing a vulnerability assessment process?

    Enhancing overall organizational security

    What is the best approach for creating a security policy for a global organization subject to varying laws and regulations?

    Establish baseline standards for all locations and add supplemental standards as required

    What is the primary focus of information security governance?

    Integrating information security into corporate governance

    What is the best way to facilitate staff acceptance of information security policies?

    Strong senior management support

    What is most critical for information security governance, in addition to executive sponsorship and business alignment?

    Ownership of security

    What is the best way to ensure appropriate security controls are built into software?

    Integrating security throughout the development process

    What is the best containment strategy for a distributed denial of service (DDoS) attack?

    Redirect the attacker's traffic

    What should be included in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

    The estimated reduction in risk

    What is the best way to reduce risk from increasing cyberattacks for a financial company?

    Revalidate and mitigate risks to an acceptable level

    What is the most effective way to demonstrate alignment of information security strategy with business objectives?

    Integrating information security into corporate governance

    What will an email digital signature verify to the recipient?

    The integrity of an email message

    What is the best way to ensure the capability to restore clean data after a ransomware attack?

    Regularly backing up data and testing the restoration process

    What is the primary benefit of aligning information security governance with corporate governance?

    Ensuring that security initiatives support business objectives

    What is the BEST approach for an information security manager to take if a soon-to-be deployed online application will increase risk beyond acceptable levels?

    Present a business case for additional controls to senior management

    What would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

    Management's business goals and objectives

    What should be the information security manager's FIRST step in addressing an issue where an IT employee made a change to a firewall rule outside of the change control process?

    Review the change management process

    How are the relationships between critical systems BEST understood?

    Performing a business impact analysis (BIA)

    What is the primary focus of information security governance?

    Ensuring that information security strategies align with business objectives

    What is the most important aspect of developing a categorization method for security incidents?

    Assessing the severity of the security incidents

    What is the best way to ensure organizational support for the implementation of security controls?

    Aligning security controls with business objectives

    What is the primary objective of a post-incident review of an information security incident?

    Identifying opportunities for improvement in incident response

    What is the best way to demonstrate alignment of information security strategy with business objectives?

    Quantifying the impact of the security strategy on organizational goals

    What is the primary benefit of aligning information security governance with corporate governance?

    Ensuring compliance with legal and regulatory requirements

    What is the primary responsibility emphasized in the questions for an information security manager when implementing company-owned mobile devices?

    Managing the risks associated with mobile device usage

    What is the best technical defense against unauthorized access through social engineering?

    Multi-factor authentication

    What is the primary focus when developing a business case for a new intrusion detection system?

    Quantifying the benefits in reducing security risks

    What is the best way to ensure the capability to restore clean data after a ransomware attack?

    Maintaining offline backups of critical data

    What is the most effective way to prevent information security incidents?

    Conducting regular security awareness training for employees

    What is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

    Validating the current firewall rule set

    What is the most important factor of a successful information security program?

    Risk management

    What is the primary benefit of involving end users in continuity planning?

    Better understanding of specific business needs

    What is the first step when a mandatory security standard hinders the achievement of an identified business objective?

    Escalating to senior management

    What is the most important aspect for the information security manager in a rapidly changing environment?

    Aligning with industry best practices

    What is the best method to ensure compliance with password standards?

    Aligning with industry best practices

    What is the primary focus of information security governance?

    Meeting the needs of the business

    What is the most effective way to demonstrate alignment of information security strategy with business objectives?

    Aligning with industry best practices

    What is the most important aspect of ensuring information stored by an organization is protected appropriately?

    Risk management

    What is the best approach for managing user access permissions to ensure alignment with data classification?

    Risk management

    What should be the primary basis for a severity hierarchy for information security incident classification?

    Risk management

    What is the best containment strategy for a distributed denial of service (DDoS) attack?

    Risk management

    Study Notes

    Information Security Management Summary

    • The purpose of the text is to provide information on various scenarios and questions related to information security management.
    • The scenarios and questions cover topics such as risk assessment, incident response, change management, security awareness, disaster recovery, and data protection.
    • The text includes multiple-choice questions and answers related to information security management practices.
    • It emphasizes the importance of involving key stakeholders in risk assessment, incident response planning, and security governance.
    • It highlights the need for clear documentation, communication, and coordination in managing information security incidents, change management, and disaster recovery.
    • It underscores the significance of aligning security with business goals, conducting business impact analysis, and integrating information security governance into corporate governance.
    • It stresses the importance of prioritizing recovery of services, protecting data, and establishing effective incident management procedures and policies.
    • The text emphasizes the need for senior leadership involvement in evaluating security metrics, incident response tests, and reported security incidents to understand an organization's security posture.

    Information Security Manager's Next Steps

    • The information security manager should define control requirements to support incident response effectiveness.
    • An effective information security training program should be based on employees' roles for maximum impact.
    • Post-incident review is the best process to evaluate incident response effectiveness.
    • Integrating security activities within the development process is the best option to lower the cost of implementing application security controls.
    • The primary responsibility of an information security manager is to review and update existing security policies when implementing company-owned mobile devices.
    • The return on information security investment is the best metric to measure the effectiveness of an organization's information security program.
    • To promote the relevance and contribution of security, it is important for an information security manager to overcome the perception that security is a hindrance to business activities.
    • Defined security standards are most helpful for protecting an enterprise from advanced persistent threats (APTs).
    • The information security manager's decision on the best controls to mitigate risk should be mainly driven by regulatory requirements.
    • Defined levels of severity best determine the allocation of resources during a security incident response.
    • Conducting a business impact analysis (BIA) is the first step an information security manager should take when creating an organization's disaster recovery plan (DRP).
    • The first step to establishing an effective information security program is to create a business case.

    Information Security Management Summary

    • Incident response plan development should primarily consider compliance with regulations.
    • Following the identification of a malware incident, recovery must happen immediately.
    • Introducing a single point of administration in network monitoring promotes efficiency in control of the environment.
    • Ensuring a new server is appropriately secured is most effectively done by enforcing technical security standards.
    • Creating and externally storing the disk hash value during forensic data acquisition from a hard disk primarily validates the integrity during analysis.
    • In a successful recovery from a malware attack, instances of the malware continuing to be discovered indicate an unsuccessful eradication phase in incident response.
    • When a cloud application used by an organization is found to have a serious vulnerability, the best course of action is to report the situation to the business owner of the application.
    • An increase in the identification rate during phishing simulations is the best indication of an effective information security awareness training program.
    • Process owners' input is of greatest importance in the development of an information security strategy.
    • The best way to monitor for advanced persistent threats (APT) in an organization is to search for anomalies in the environment.
    • When determining asset valuation, the most important consideration is the potential business loss.
    • The first step in developing an information security strategy should be to perform a gap analysis based on the current state.
    • An information security manager's most important consideration when developing a multi-year plan should be ensuring alignment with the plans of other business units.

    Information Security Management Summary

    • An effective information security program requires senior management support.
    • The incident notification process can be evaluated using the elapsed time between detection, reporting, and response.
    • A security information and event management (SIEM) system's greatest value is in facilitating the monitoring of risk occurrences.
    • The best technical defense against unauthorized access through social engineering is requiring multi-factor authentication.
    • The primary objective of performing a post-incident review is to identify the root cause.
    • Useful information for planning a compliance action plan includes the results of a gap analysis.
    • The best evidence of alignment between corporate and information security governance is senior management sponsorship.
    • A concern for a multinational organization's CISO is developing a security program that meets global and regional requirements.
    • The best reason to conduct social engineering testing in a call center is to identify candidates for additional security training.
    • The information security manager's best course of action in response to users sharing a login account in violation of access policy is to present the risk to senior management.
    • A security policy must be defined for an information security manager to evaluate the appropriateness of controls currently in place.
    • The greatest concern from a penetration test showing vulnerabilities in an organization's external web application is that exploit code for one of the vulnerabilities is publicly available.

    Information Security Management Summary

    • When an organization plans to use social networks for promotion, the security manager's best course of action is to assess the security risks.
    • Primary basis for information security strategy should be the organization's vision and mission.
    • When senior management accepts risk of noncompliance, the information security manager should update details in the risk register.
    • To align a security awareness program with the organization's business strategy, the most important consideration is people and culture.
    • To mitigate the risk of theft of tablets containing critical business data, the best action is to conduct a mobile device risk assessment.
    • Information security should be aligned with the organization's strategy to optimize security risk management.
    • To demonstrate alignment of information security strategy with business objectives, the most effective way is to use a balanced scorecard.
    • Strongest justification for granting an exception to the policy of disabling access to USB storage devices is that the benefit is greater than the potential risk.
    • Incident response team should document actions required to remove the threat during the eradication phase.
    • The primary goal of the eradication phase in an incident response process is to remove the threat and restore affected systems.
    • Information security manager developing an RFP for a new outsourced service should focus primarily on defining security requirements for the process being outsourced.
    • Management support has the greatest influence on the successful implementation of information security strategy goals.

    Information Security Management Questions and Answers

    • Lead security engineer identifies a major security vulnerability at the primary cloud provider; who is primarily accountable for the associated task within the organization: data owner
    • Most important requirement for a successful security program: management decision on asset value
    • Best way to achieve compliance with new global regulations related to protection of personal information: determine current and desired state of controls
    • Primary determination by asset classification: level of protection required for assets
    • Most important for the effective implementation of an information security governance program: program goals communicated and understood by the organization
    • Most influence on the inherent risk of an information asset: business criticality
    • Critical server for a hospital encrypted by ransomware; most effective solution to avoid paying the ransom: properly tested offline backup system
    • Most important to ensure when developing escalation procedures for an incident response plan: contact list is regularly updated
    • Most important for an information security manager to verify when selecting a third-party forensics provider: technical capabilities of the provider
    • Employee clicked on a link in a phishing email, triggering a ransomware attack; information security's response: isolate the impacted endpoints
    • Intrusion detected and contained; best practice for ensuring integrity of the recovered system: restore the OS, patches, and application from a backup

    Information Security Management Exam Prep

    • Incident management process for attacks on an organization's supply chain can be supported by establishing communication paths with vendors
    • The best position to evaluate business impacts is held by the process manager
    • Before classifying a suspected event as a security incident, it is most important for the security manager to notify the business process owner
    • In a rapidly changing environment, the information security manager must ensure that the rationale for acceptance of information security risk is periodically reviewed
    • Business impact analysis (BIA) recovery time and cost estimates should be calculated by the business process owner
    • The organization's mission statement and roadmap would be most useful to a newly hired information security manager tasked with developing and implementing an information security strategy
    • To enable regulatory compliance for employee account privilege removal, a privileged access management (PAM) system would be best
    • When incorporating media communication procedures into the security incident communication plan, it is most important to include a single point of contact within the organization
    • Business impact analysis (BIA) is most helpful in determining the criticality of an organization's business functions
    • The best way to determine if an information security profile is aligned with business requirements is to review security-related key risk indicators (KRIs)
    • The most important aspect for building a robust information security culture within an organization is senior management approval of information security policies
    • The primary consideration when responding to a ransomware attack should be to ensure the business can operate

    Information Security Practice Questions Summary

    • The principle of least privilege primarily requires the identification of job duties.
    • The best approach for creating a security policy for a global organization subject to varying laws and regulations is to establish baseline standards for all locations and add supplemental standards as required.
    • To reduce risk from increasing cyberattacks, a financial company should revalidate and mitigate risks to an acceptable level.
    • Effective information security governance is indicated by integrating information security into corporate governance.
    • Strong senior management support is the best way to facilitate staff acceptance of information security policies.
    • Simulating realistic test scenarios best facilitates effective incident response testing.
    • A viable containment strategy for a distributed denial of service (DDoS) attack is to redirect the attacker's traffic.
    • When the return on investment (ROI) for an information security initiative is difficult to calculate, the best thing to include in a business case is the estimated reduction in risk.
    • Integrating security throughout the development process is the best way to ensure appropriate security controls are built into software.
    • Ownership of security, alongside executive sponsorship and business alignment, is the most critical factor for information security governance.
    • When investigating an information security incident, details of the incident should be shared only as needed.
    • An email digital signature lets the recipient verify the integrity of the email message.
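
    The last bullet is worth seeing in code. The following is an added example, not part of the original notes: an Ed25519 signature over a canonical form of the message, together with the verification the recipient performs. It uses Go's standard crypto/ed25519; the Message type, the canonicalisation rules and the fixed seed are assumptions made for the example and are not S/MIME or DKIM.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// Message is the part of an email the signature covers.
type Message struct{ From, To, Subject, Body string }

// Canonical returns the exact bytes that get signed. Sender and recipient must
// derive them identically, so addresses are lower-cased and line endings are
// normalised to "\n". This is a simplified stand-in for the canonicalisation
// that real schemes (S/MIME, DKIM) define; it is an assumption of this example.
func Canonical(m Message) []byte {
	body := strings.ReplaceAll(m.Body, "\r\n", "\n")
	return []byte(fmt.Sprintf("from:%s\nto:%s\nsubject:%s\n\n%s",
		strings.ToLower(m.From), strings.ToLower(m.To), m.Subject, body))
}

// Sign returns a base64 Ed25519 signature over the canonical message.
func Sign(priv ed25519.PrivateKey, m Message) string {
	return base64.StdEncoding.EncodeToString(ed25519.Sign(priv, Canonical(m)))
}

// Verify is what the recipient runs: it recomputes the canonical bytes from the
// message as received and checks them against the signature and the sender's
// public key. Any change to a covered header or to the body makes it return false.
func Verify(pub ed25519.PublicKey, m Message, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, Canonical(m), sig)
}

// DemoKey derives a fixed key pair from a constructed 32-byte seed so the
// example is reproducible. Real keys come from ed25519.GenerateKey(crypto/rand).
func DemoKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed([]byte("example-seed-do-not-use-in-prod!"))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	pub, priv := DemoKey()
	msg := Message{From: "Alice@example.com", To: "bob@example.com", Subject: "Invoice", Body: "Please pay 100 EUR.\r\n"}
	sig := Sign(priv, msg)
	fmt.Println("signature:", sig)
	fmt.Println("original verifies:", Verify(pub, msg, sig))

	tampered := msg
	tampered.Body = "Please pay 1000 EUR.\r\n" // one extra character changed in transit
	fmt.Println("tampered verifies:", Verify(pub, tampered, sig))

	// Integrity and origin, not confidentiality: the signed bytes carry the body in clear.
	fmt.Println("body readable by anyone:", strings.Contains(string(Canonical(msg)), "100 EUR"))
}
```

    Verification fails on a single changed character in a covered header or in the body, which is the integrity guarantee the exam answer refers to; the signature also binds the message to the signer's key, which is origin. It gives no confidentiality, so a signed email that must also stay private needs encryption as well. In practice the verifier must additionally establish that the public key belongs to the claimed sender (certificate chain or DNS record), which this example takes as given.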

    Information Security Manager Practice Questions

    • Policies are updated annually and aligned with industry best practices
    • Senior management supports the policies
    • Violation of a policy prohibiting the use of cameras at the office due to smartphones and tablet computers with enabled web cameras
    • Concerns about conflicting access rights during the integration of a new company
    • Deficiencies in the incident response plan observed during a high-profile security incident
    • Independent penetration test results show a high-rated vulnerability in a cloud-based application
    • Importance of information security governance in meeting the needs of the business
    • Validation of the current firewall rule set is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense
    • Risk management is the most important factor of a successful information security program
    • Necessity to quickly shift to a work-from-home model with an increased need for remote access security
    • Escalating to senior management is the first step when a mandatory security standard hinders the achievement of an identified business objective
    • Involving end users in continuity planning is advantageous due to their better understanding of specific business needs
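
    On the firewall rule-set bullet: validating the rule set means reading the policy itself, not the change tickets that describe it. The following is an added example, not from the original notes, of the checks a reviewer automates first, written in Go against a simplified five-field policy syntax that is assumed for the example and is not any vendor's format: allow rules open to any source, any destination and any port; rules shadowed by an earlier rule (dead rules, or a later rule contradicted by an earlier one with the opposite action); and a policy that does not end with an explicit deny-all. The sample policy is constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Rule is one line of a simplified, top-down firewall policy, e.g.
// "allow tcp 10.0.0.0/8 10.1.2.0/24 443" (action proto src dst port).
// "any" is a wildcard in every field but action. The syntax is an assumption
// made for this example, not a vendor format.
type Rule struct{ Action, Proto, Src, Dst, Port string }

// ParseRules parses a policy text; blank lines and "#" comments are ignored.
func ParseRules(text string) ([]Rule, error) {
	var rules []Rule
	for n, line := range strings.Split(text, "\n") {
		if i := strings.Index(line, "#"); i >= 0 {
			line = line[:i]
		}
		f := strings.Fields(line)
		if len(f) == 0 {
			continue
		}
		if len(f) != 5 || (f[0] != "allow" && f[0] != "deny") {
			return nil, fmt.Errorf("line %d: malformed rule %q", n+1, strings.TrimSpace(line))
		}
		for _, cidr := range f[2:4] {
			if _, _, err := net.ParseCIDR(cidr); cidr != "any" && err != nil {
				return nil, fmt.Errorf("line %d: bad network %q", n+1, cidr)
			}
		}
		rules = append(rules, Rule{f[0], f[1], f[2], f[3], f[4]})
	}
	return rules, nil
}

// netCovers reports whether network a contains every address in network b.
// Inputs are "any" or CIDRs already validated by ParseRules.
func netCovers(a, b string) bool {
	if a == "any" || b == "any" {
		return a == "any"
	}
	_, na, _ := net.ParseCIDR(a)
	_, nb, _ := net.ParseCIDR(b)
	la, _ := na.Mask.Size()
	lb, _ := nb.Mask.Size()
	return la <= lb && na.Contains(nb.IP)
}

// covers reports whether rule a matches every packet that rule b would match,
// i.e. b can never be reached when a precedes it.
func covers(a, b Rule) bool {
	wild := func(x, y string) bool { return x == "any" || x == y }
	return wild(a.Proto, b.Proto) && wild(a.Port, b.Port) && netCovers(a.Src, b.Src) && netCovers(a.Dst, b.Dst)
}

func isDenyAll(r Rule) bool {
	return r == Rule{"deny", "any", "any", "any", "any"}
}

// Validate returns the findings a reviewer would raise against the rule set.
func Validate(rules []Rule) []string {
	var findings []string
	for i, r := range rules {
		if r.Action == "allow" && r.Src == "any" && r.Dst == "any" && r.Port == "any" {
			findings = append(findings, fmt.Sprintf("rule %d: allows any source to any destination (proto %s)", i+1, r.Proto))
		}
		for j := 0; j < i; j++ {
			if covers(rules[j], r) {
				findings = append(findings, fmt.Sprintf("rule %d: shadowed by rule %d (%s)", i+1, j+1, rules[j].Action))
				break
			}
		}
	}
	if len(rules) == 0 || !isDenyAll(rules[len(rules)-1]) {
		findings = append(findings, "policy does not end with an explicit deny-all rule")
	}
	return findings
}

// Constructed sample policy with the classic review findings planted in it.
const SamplePolicy = `
allow tcp 10.0.0.0/8   10.1.2.0/24  443
allow tcp 10.0.1.0/24  10.1.2.0/24  443   # dead: rule 1 already matches this
deny  tcp any          10.1.2.10/32 22
allow tcp any          10.1.2.10/32 22    # contradicted by rule 3
allow any any          any          any   # the hole that makes rule 6 pointless
deny  any any          any          any
`

func main() {
	rules, err := ParseRules(SamplePolicy)
	if err != nil {
		panic(err)
	}
	for _, f := range Validate(rules) {
		fmt.Println(f)
	}
}
```

    On the sample policy this reports rules 2, 4, 5 and 6. The shadow check here is exact-cover only; a production tool also has to handle port ranges, partial overlaps and IPv6, and it should compare the running configuration pulled from the device against the approved policy rather than checking the approved text against itself, since the gap between the two is where "comprehensive perimeter defense" usually fails.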


    Description

    Test your knowledge of information security management with this quiz covering risk assessment, incident response, change management, security awareness, disaster recovery, and data protection. Challenge yourself with multiple-choice questions and gain insights into involving key stakeholders, documentation, communication, and aligning security with business goals.
