cciso-4

Which of the following is the main reason to follow a formal risk management process in an organization that hosts and uses privately identifiable information (PII) as part of its business models and processes?

Which is the most important benefit of an effective security governance process?

What is the main purpose of the Incident Response Team?

When project costs continually increase throughout implementation due to large or rapid changes in customer or user requirements, this is commonly known as:

An organization has decided to address information security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant, but it is expected to grow to a global customer base of many millions of customers in just a few years. The organization has already been subject to a significant amount of credit card fraud. Which of the following is the most likely reason for this fraud?

Which of the following information would most likely be reported at the board level within an organization?

A CISO has implemented a risk management capability within the security portfolio. Which of the following terms best describes this functionality?

You work as a project manager and are planning for risk mitigation. You need to quickly identify high-level risks that will need more in-depth analysis. Which one of the following approaches would you use?

Which of the following are primary concerns for management about assessing internal control objectives?

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data, it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. The help desk is then flooded with complaints about the slow performance of the laptops and users are upset. Which of the following best describes what the CISO did wrong?