- (Topic 5)
Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget.
Using the best business practices for project management, you determine that the project correctly aligns with the organization goals. What should be verified next?
Correct Answer:
A
- (Topic 3)
Which of the following is considered a project versus a managed process?
Correct Answer:
D
- (Topic 2)
A missing/ineffective security control is identified. Which of the following should be the NEXT step?
Correct Answer:
C
- (Topic 5)
Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.
You have identified potential solutions for all of your risks that do not have security controls. What is the NEXT step?
Correct Answer:
C
- (Topic 3)
Which of the following is MOST beneficial in determining an appropriate balance between uncontrolled innovation and excessive caution in an organization?
Correct Answer:
A