Your IT auditor is reviewing significant events from the previous year and has identified some procedural oversights.
Which of the following would be the MOST concerning?
Answer : D
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
Answer : C
The Information Security Management program MUST protect:
Answer : D
Dataflow diagrams are used by IT auditors to:
Answer : A
When measuring the effectiveness of an Information Security Management System which one of the following would be MOST LIKELY used as a metric framework?
Answer : B
The purpose of NIST SP 800-53 as part of the NIST System Certification and Accreditation Project is to establish a set of standardized, minimum security controls for IT systems addressing low, moderate, and high levels of concern for:
Answer : D
An organization is required to implement background checks on all employees with access to databases containing credit card information. This is considered a security ___________.
Answer : B
Information security policies should be reviewed _____________________.
Answer : D
Risk is defined as:
Answer : D
In which of the following cases would an organization be more prone to risk acceptance vs. risk mitigation?
Answer : D
The regular review of a firewall ruleset is considered a _______________________.
Answer : A
The exposure factor of a threat to your organization is defined by?
Answer : B
The Information Security Governance program MUST:
Answer : C
You have recently drafted a revised information security policy. From whom should you seek endorsement in order to have the GREATEST chance for adoption and implementation throughout the entire organization?
Answer : A
Which of the following is a benefit of a risk-based approach to audit planning?
Answer : A