Quiz CISM

Quiz CISM, Certified Information Security Manager

The BEST strategy for risk management is to:

Which of the following would be the MOST important factor to be considered in the loss of mobile equipment with unencrypted data?

What should the information security manager do FIRST?

Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?

One way to determine control effectiveness is by determining:

What does a network vulnerability assessment intend to identify?

Who is responsible for ensuring that information is classified?

The information security manager should recommend to business management that the risk be:

what should be reported FIRST to senior management?

The PRIMARY reason for initiating a policy exception process is when: