EISM 512-50 Dumps PDF

Page: 12 / 14

Question 48

Which of the following is the MOST important benefit of an effective security governance process?

Options:

Reduction of liability and overall risk to the organization

Better vendor management

Reduction of security breaches

Senior management participation in the incident response process

Question 49

Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

Options:

Security regulations

Asset classification

Information security policy

Data classification

Question 50

Scenario: Your program is developed around minimizing risk to information by focusing on people, technology, and operations.

An effective way to evaluate the effectiveness of an information security awareness program for end users, especially senior executives, is to conduct periodic:

Options:

Controlled spear phishing campaigns

Password changes

Baselining of computer systems

Scanning for viruses

Question 51

Scenario: You are the newly hired Chief Information Security Officer for a company that has not previously had a senior level security practitioner. The company lacks a defined security policy and framework for their Information Security Program. Your new boss, the Chief Financial Officer, has asked you to draft an outline of a security policy and recommend an industry/sector neutral information security control framework for implementation.

Your Corporate Information Security Policy should include which of the following?