A missing/ineffective security control is identified. Which of the following should be the NEXT step?
When measuring the effectiveness of an Information Security Management System, which one of the following would be MOST LIKELY used as a metric framework?
Which of the following are necessary to formulate responses to external audit findings?
Which of the following BEST describes an international standard framework that is based on the security model Information Technology—Code of Practice for Information Security Management?
The executive board has requested that the CISO of an organization define Key Performance Indicators (KPIs) to measure the effectiveness of the security awareness program provided to call center employees. Which of the following can be used as a KPI?
The BEST organization to provide a comprehensive, independent and certifiable perspective on established security controls in an environment is
An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization’s IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process?
The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?
The MOST common method to get an unbiased measurement of the effectiveness of an Information Security Management System (ISMS) is to
Which International Organization for Standardization (ISO) standard below BEST describes the performance of risk management and includes a five-stage risk management methodology?