An information security risk analysis BEST assists an organization in ensuring that:
Correct Answer:
B
🗳️
In a multinational organization, local security regulations should be implemented over global security policy because:
Correct Answer:
D
🗳️
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:
Correct Answer:
D
🗳️
When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?
Correct Answer:
D
🗳️
Which of the following is the BEST way to build a risk-aware culture?
Correct Answer:
C
🗳️
What would be an information security manager's BEST recommendation upon learning that an existing contract with a third party does not clearly identify requirements for safeguarding the organization's critical data?
Correct Answer:
C
🗳️
An organization has purchased a security information and event management (SIEM) tool. Which of the following is MOST important to consider before implementation?
Correct Answer:
A
🗳️
Which of the following is MOST likely to be included in an enterprise security policy?
Correct Answer:
A
🗳️
Which of the following should an information security manager do FIRST when a legacy application is not compliant with a regulatory requirement, but the business unit does not have the budget for remediation?
Correct Answer:
D
🗳️
Which of the following is the MOST effective way to address an organization's security concerns during contract negotiations with a third party?
Correct Answer:
B
🗳️