Topic 1: Governance (Policy, Legal & Compliance)
Which of the following functions MUST your Information Security Governance program include for formal organizational reporting?
A. Audit and Legal
B. Budget and Compliance
C. Human Resources and Budget
D. Legal and Human Resources
Answer: Audit and Legal

What is the first thing that needs to be completed in order to create a security program for your organization?
A. Risk assessment
B. Security program budget
C. Business continuity plan
D. Compliance and regulatory analysis
Answer: Risk assessment

A. The types of cardholder data retained
B. The duration cardholder data is retained
C. The size of the organization processing credit card data
D. The number of transactions performed per year by an organization
Answer: The number of transactions performed per year by an organization

You have purchased a new insurance policy as part of your risk strategy. Which of the following risk strategy options have you engaged in?
A. Risk Avoidance
B. Risk Acceptance
C. Risk Transfer
D. Risk Mitigation
Answer: Risk Transfer

If your organization operates under a model of "assumption of breach", you should:
A. Protect all information resource assets equally
B. Establish active firewall monitoring protocols
C. Purchase insurance for your compliance liability
D. Focus your security efforts on high value assets
Answer: Purchase insurance for your compliance liability