CISM Certified Information Security Manager – Question1289

An organization experienced a breach which was successfully contained and remediated. Based on industry regulations, the breach needs to be communicated externally. What should the information security manager do NEXT?

A. Refer to the incident response plan.
B. Send out a breach notification to all parties involved.
C. Contact the board of directors.
D. Invoke the corporate communications plan.

Correct Answer: D

CISM Certified Information Security Manager – Question1288

An information security manager is analyzing a risk that is believed to be severe, but lacks numerical evidence to determine the impact the risk could have on the organization. In this case the information security manager should:

A. use a qualitative method to assess the risk.
B. use a quantitative method to assess the risk.
C. put it in the priority list in order to gain time to collect more data.
D. ask management to increase staff in order to collect more evidence on severity.

Correct Answer: A

CISM Certified Information Security Manager – Question1287

An organization finds unauthorized software has been installed on a number of workstations. The software was found to contain a Trojan which had been uploading data to an unknown external party. Which of the following would have BEST prevented the installation of the unauthorized software?

A. Implementing application blacklisting
B. Implementing an intrusion detection system (IDS)
C. Banning executable file downloads at the Internet firewall
D. Removing local administrator rights

Correct Answer: D

CISM Certified Information Security Manager – Question1286

An attacker was able to gain access to an organization's perimeter firewall and made changes to allow wider external access and to steal data. Which of the following would have BEST provided timely identification of this incident?

A. Deploying a security information and event management system (SIEM)
B. Deploying an intrusion prevention system (IPS)
C. Implementing a data loss prevention (DLP) suite
D. Conducting regular system administrator awareness training

Correct Answer: A

CISM Certified Information Security Manager – Question1284

A third-party service provider has proposed a data loss prevention (DLP) solution. Which of the following MUST be in place for this solution to be relevant to the organization?

A. Senior management support
B. A data classification schema
C. An adequate data testing environment
D. A business case

Correct Answer: D

CISM Certified Information Security Manager – Question1283

What information is MOST helpful in demonstrating to senior management how information security governance aligns with business objectives?

A. Updates on information security projects in development
B. Drafts of proposed policy changes
C. Metrics of key information security deliverables
D. A list of monitored threats, risks, and exposures

Correct Answer: C

CISM Certified Information Security Manager – Question1282

Which of the following would contribute MOST to employees' understanding of data handling responsibilities?

A. Demonstrating support by senior management of the security program
B. Requiring staff acknowledgement of security policies
C. Labeling documents according to appropriate security classification
D. Implementing a tailored security awareness training program

Correct Answer: D