Question ID 16812 | An information security manager must understand the relationship between information security and business operations in order to:
Option A | support organizational objectives.
Option B | determine likely areas of noncompliance.
Option C | assess the possible impacts of compromise.
Option D | understand the threats to the business.
Correct Answer | A
Explanation: Security exists to provide a level of predictability for operations, support for the activities of the organization and to ensure preservation of the organization. Business operations must be the driver for security activities in order to set meaningful objectives, determine and manage the risks to those activities, and provide a basis to measure the effectiveness of and provide guidance to the security program. Regulatory compliance may or may not be an organizational requirement. If compliance is a requirement, some level of compliance must be supported but compliance is only one aspect. It is necessary to understand the business goals in order to assess potential impacts and evaluate threats. These are some of the ways in which security supports organizational objectives, but they are not the only ways.
Question ID 16813 | Which of the following should be the FIRST step in developing an information security plan?
Option A | Perform a technical vulnerabilities assessment
Option B | Analyze the current business strategy
Option C | Perform a business impact analysis
Option D | Assess the current levels of security awareness
Correct Answer | B
Explanation: Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.