- (Topic 5)
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?
Correct Answer:
C
- (Topic 5)
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
Which of the following frameworks and standards will BEST fit the organization as a baseline for their security program?
Correct Answer:
B
- (Topic 1)
Which of the following has the GREATEST impact on the implementation of an information security governance model?
Correct Answer:
D
- (Topic 1)
Which of the following is the MOST important for a CISO to understand when identifying threats?
Correct Answer:
A
- (Topic 2)
Which of the following is the MOST important reason to measure the effectiveness of an Information Security Management System (ISMS)?
Correct Answer:
C