Which is not one of the primary missions of a security council?
Which is not a direct advantage of reporting as high in the organization as position?
Review and Recommend Security Policies
Prioritize Information Security Efforts
Mediate between IT management and systems security
Recommend Areas Requiring Investment
Perform more efficient IT and network administration
Gain other senior management’s attention to security
Limit the distortion or inaccurate translation of messages
Maintain visibility of the importance of information security
Leading organizations have been doing certain critical functions to meet information security challenges. What is the correct order of these functions?
2 points
Which is not the responsibility of the Internal Audit Department?
2 points
What is the best way to communicate policies and controls within an organization?
Assess Risk and Determine Needs > Monitor and Evaluate > Promote Awareness > Implement Policies and Controls
Monitor and Evaluate > Promote Awareness > Implement Policies and Controls > Assess Risk and Determine Needs
Assess Risk and Determine Needs > Implement Policies and Controls > Promote Awareness > Monitor and Evaluate
Monitor and Evaluate > Implement Policies and Controls > Assess Risk and Determine Needs > Promote Awareness
Evaluating the implementation of the organization’s control structure
Evaluating the effectiveness of the organization’s control structure
Performing penetration tests and vulnerability assessments
Reporting audit failures to the board of directors if needed
Promoting awareness campaigns
Enforcing policies and controls
Having a meeting with department leads
Performing a risk analysis
