An organization is planning to outsource the execution of its disaster recovery activities. Which of the following would be MOST important to include in the outsourcing agreement?
Which of the following is the MOST important consideration when defining control objectives?
An information security manager is MOST likely to obtain approval for a new security project when the business case provides evidence of:
Which of the following is the BEST way to improve an organization ' s ability to detect and respond to incidents?
Which of the following is the BEST way to ensure the business continuity plan (BCP) is current?
Which of the following is the BEST course of action when using a web application that has known vulnerabilities?
Of the following, who is MOST appropriate to own the risk associated with the failure of a privileged access control?
An information security manager learns of a new standard related to an emerging technology the organization wants to implement. Which of the following should the information security manager recommend be done FIRST?
While classifying information assets an information security manager notices that several production databases do not have owners assigned to them What is the BEST way to address this situation?
An incident handler is preparing a forensic image of a hard drive. Which of the following MUST be done to provide evidence that the image is an exact copy of the original?
Which of the following should an information security manager do FIRST when creating an organization ' s disaster recovery plan (DRP)?
To optimize the implementation of information security governance in an organization, an information security manager should:
Which of the following events is MOST likely to require an organization to revisit its information security framework?
Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?
Which of the following is the MOST effective way to detect security incidents?
An organization has implemented a new customer relationship management (CRM) system. Who should be responsible for enforcing authorized and controlled access to the CRM data?
Which of the following BEST facilitates the development of a comprehensive information security policy?