Which of the following is the MOST important factor of a successful information security program?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
Of the following, who is BEST suited to own the risk discovered in an application?
Which of the following is the MOST important factor in an organization ' s selection of a key risk indicator (KRI)?
Which of the following BEST supports the adoption of effective information security practices throughout an organization?
The PRIMARY objective of a post-incident review of an information security incident is to:
In order to understand an organization ' s security posture, it is MOST important for an organization ' s senior leadership to:
Which of the following should be an information security manager s MOST important consideration when determining the priority for implementing security controls?
An organization has identified a large volume of old data that appears to be unused. Which of the following should the information
security manager do NEXT?
The BEST way to identify the risk associated with a social engineering attack is to:
Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?
A department has reported that a security control is no longer effective. Which of the following is the information security manager ' s BEST course of action?
A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager ' s BEST course of action?
When an organization lacks internal expertise to conduct highly technical forensics investigations, what is the BEST way to ensure effective and timely investigations following an information security incident?
Which of the following BEST mitigates the risk of information loss caused by a cloud service provider becoming insolvent?
What is the BEST way to address vulnerabilities associated with a recent increase in the number of zero-day attacks?
Which of the following is the BEST approach for addressing noncompliance with security standards?
How does an organization PRIMARILY benefit from the creation of an information security steering committee?