A cloud application used by an organization is found to have a serious vulnerability. After assessing the risk, which of the following would be the information security manager's BEST course of action?
Which of the following parties should be responsible for determining access levels to an application that processes client information?
A Seat a-hosting organization's data center houses servers, appli
BEST approach for developing a physical access control policy for the organization?
Which of the following sources is MOST useful when planning a business-aligned information security program?
Which of the following is MOST important to have in place to help ensure an organization's cybersecurity program meets the needs of the business?
Which of the following is the BEST way to achieve compliance with new global regulations related to the protection of personal information?
The BEST way to ensure that frequently encountered incidents are reflected in the user security awareness training program is to include:
An organization faces severe fines and penalties if not in compliance with local regulatory requirements by an established deadline. Senior management has asked the information security manager to prepare an action plan to achieve compliance. Which of the following would provide the MOST useful information for planning purposes?
Which of the following is the BEST way for an organization to ensure that incident response teams are properly prepared?
Following a successful attack, an information security manager should be confident the malware has not continued to spread at the completion of which incident response phase?
Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?
Which of the following BEST enables staff acceptance of information security policies?
The MOST important element in achieving executive commitment to an information security governance program is:
What is the PRIMARY benefit to an organization that maintains an information security governance framework?
An information security manager learns that a risk owner has approved exceptions to replace key controls with weaker compensating controls to improve process efficiency. Which of the following should be the GREATEST concern?
Which of the following should an information security manager do FIRST when a mandatory security standard hinders the achievement of an identified business objective?
Which of the following is MOST helpful for protecting an enterprise from advanced persistent threats (APTs)?
An information security manager determines there are a significant number of exceptions to a newly released industry-required security standard. Which of the following should be done NEXT?
A security incident has been reported within an organization. When should an information security manager contact the information owner? After the:
A critical server for a hospital has been encrypted by ransomware. The hospital is unable to function effectively without this server. Which of the following would MOST effectively allow the hospital to avoid paying the ransom?
An information security manager has been notified about a compromised endpoint device. Which of the following is the BEST course of action to prevent further damage?
Which of the following plans should be invoked by an organization in an effort to remain operational during a disaster?
An information security manager learns that IT personnel are not adhering to the information security policy because it creates process inefficiencies. What should the information security manager do FIRST?
Which of the following is the BEST approach to make strategic information security decisions?
Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?
Which of the following is the BEST indication of information security strategy alignment with the “&
Management has announced the acquisition of a new company. The information security manager of the parent company is concerned that conflicting access rights may cause critical information to be exposed during the integration of the two companies. To BEST address this concern, the information security manager should:
Which of the following is an information security manager's MOST important course of action when responding to a major security incident that could disrupt the business?
Which of the following is the BEST technical defense against unauthorized access to a corporate network through social engineering?
Which of the following is a PRIMARY benefit of managed security solutions?
Which of the following provides the MOST comprehensive insight into ongoing threats facing an organization?
Which of the following BEST ensures information security governance is aligned with corporate governance?
To support effective risk decision making, which of the following is MOST important to have in place?
To confirm that a third-party provider complies with an organization's information security requirements, it is MOST important to ensure:
When collecting admissible evidence, which of the following is the MOST important requirement?
Which of the following is the PRIMARY reason to perform regular reviews of the cybersecurity threat landscape?
Which of the following should be the MOST important consideration of business continuity management?
The PRIMARY benefit of introducing a single point of administration in network monitoring is that it:
A CISO learns that a third-party service provider did not notify the organization of a data breach that affected the service provider's data center. Which of the following should the CISO do FIRST?
Which of the following is the MOST effective way to prevent information security incidents?
In an organization with a rapidly changing environment, business management has accepted an information security risk. It is MOST important for the information security manager to ensure: