- (Topic 2)
As the new CISO at the company you are reviewing the audit reporting process and notice that it includes only detailed technical diagrams. What else should be in the reporting process?
Correct Answer:A
- (Topic 1)
Payment Card Industry (PCI) compliance requirements are based on what criteria?
Correct Answer:D
- (Topic 2)
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?
Correct Answer:A
- (Topic 2)
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
Correct Answer:A
- (Topic 5)
Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
What type of control is being implemented by supervisors and data owners?
Correct Answer:B
- (Topic 1)
According to ISO 27001, of the steps for establishing an Information Security Governance program listed below, which comes first?
Correct Answer:D