CISM Certified Information Security Manager – Question1469

An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the BEST information for the information security manager to draw a conclusion?

A. Initiating a cost-benefit analysis of the implemented controls
B. Reviewing the risk register
C. Conducting a business impact analysis (BIA)
D. Performing a risk assessment

Correct Answer: D

CISM Certified Information Security Manager – Question1468

Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data loss?

A. An independent auditor for identification of control deficiencies
B. A damage assessment expert for calculating losses
C. A forensics expert for evidence management
D. A penetration tester to validate the attack

Correct Answer: C

CISM Certified Information Security Manager – Question1467

What is the MAIN reason for an organization to develop an incident response plan?

A. Trigger immediate recovery procedures.
B. Identify training requirements for the incident response team.
C. Prioritize treatment based on incident criticality.
D. Provide a process for notifying stakeholders of the incident.

Correct Answer: A

CISM Certified Information Security Manager – Question1464

Which of the following BEST facilitates the effective execution of an incident response plan?

A. The response team is trained on the plan.
B. The plan is based on risk assessment results.
C. The incident response plan aligns with the IT disaster recovery plan.
D. The plan is based on industry best practice.

Correct Answer: B

CISM Certified Information Security Manager – Question1461

It is suspected that key e-mails have been viewed by unauthorized parties. The e-mail administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing. Which of the following is the BEST recommended course of action to senior management?

A. Commence security training for staff at the organization.
B. Arrange for an independent review.
C. Rebuild the e-mail application.
D. Restrict the distribution of confidential e-mails.

Correct Answer: B

CISM Certified Information Security Manager – Question1460

Which of the following metrics is MOST appropriate for evaluating the incident notification process?

A. Average total cost of downtime per reported incident
B. Average number of incidents per reporting period
C. Elapsed time between response and resolution
D. Elapsed time between detection, reporting and response

Correct Answer: D