EISM 512-50 ECCouncil Study Notes

Page: 8 / 14

Question 32

When managing the critical path of an IT security project, which of the following is MOST important?

Options:

Knowing who all the stakeholders are.

Knowing the people on the data center team.

Knowing the threats to the organization.

Knowing the milestones and timelines of deliverables.

Question 33

When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):

Options:

The CISO should cut other essential programs to ensure the new solution’s continued use

Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution’s continued use

Defer selection until the market improves and cash flow is positive

Implement the solution and ask for the increased operating cost budget when it is time

Question 34

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset. What did the CISO do wrong? (choose the BEST answer):