As the CISO, you have been tasked with the execution of the company’s key management program. You
MUST ensure the integrity of encryption keys at the point of generation. Which principal of encryption key
control will ensure no single individual can constitute or re-constitute a key?
John is the project manager for a large project in his organization. A new change request has been proposed that will affect several areas of the project. One area of the project change impact is on work that a vendor has already completed. The vendor is refusing to make the changes as they’ve already completed the project work they were contracted to do. What can John do in this instance?
Which of the following provides an independent assessment of a vendor’s internal security controls and overall posture?
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO’s approach to security?