Which of the following risks would BEST be assessed using qualitative risk assessment techniques?
A. Theft of purchased software
B. Power outage lasting 24 hours
C. Permanent decline in customer confidence
D. Temporary loss of e-mail due to a virus attack
Information security policies should:
A. address corporate network vulnerabilities.
B. address the process for communicating a violation.
C. be straightforward and easy to understand.
D. be customized to specific groups and roles.
The PRIMARY purpose of involving third-party teams for carrying out post-event reviews of information security incidents is to:
A. enable independent and objective review of the root cause of the incidents.
B. obtain support for enhancing the expertise of the third-party teams.
C. identify lessons learned for further improving the information security management process.
D. obtain better buy-in for the information security program.
When performing a business impact analysis (BIA), who should be responsible for determining the initial recovery time objective (RTO)?
A. External consultant
B. Information owners
C. Information security manager
D. Business continuity coordinator
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
A. Conduct user awareness training within the IT function.
B. Propose that IT update information security policies and procedures.
C. Determine the risk related to noncompliance with the policy.
D. Request that internal audit conduct a review of the policy development process.
Which of the following is the FIRST step to establishing an effective information security program?
A. Conduct a compliance review.
B. Assign accountability.
C. Perform a business impact analysis (BIA).
D. Create a business case.
The BEST way to avoid session hijacking is to use:
A. strong password controls.
B. a firewall.
C. a reverse lookup.
D. a secure protocol.
Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?
A. Standardize secure web development practices
B. Integrate security into the early phases of the development life cycle
C. Incorporate security requirements into job descriptions
D. Implement a tailored security awareness training program
An organization that conducts business globally is planning to utilize a third-party service provider to process payroll information. Which of the following issues poses the GREATEST risk to the organization?
A. The third party has not provided evidence of compliance with local regulations where data is generated.
B. The third party does not have an independent assessment of controls available for review.
C. The third party's service level agreement (SLA) does not include guarantees of uptime.
D. The third-party contract does not include an indemnity clause for compensation in the event of a breach.
During the implementation of a new system, which of the following processes proactively minimizes the likelihood of disruption, unauthorized alterations, and errors?
A. Password management
B. Version management
C. Change management
D. Configuration management