1. An information security manager has observed multiple exceptions for a number of different security controls. Which of the following should be the information security manager's FIRST course of action?
- A. Report the noncompliance to the board of directors.
- B. Inform respective risk owners of the impact of exceptions.
- C. Design mitigating controls for the exceptions.
- D. Prioritize the risk and implement treatment options.
2. An information security manager has been made aware that some employees are discussing confidential corporate business on social media sites. Which of the following is the BEST response to this situation?
- A. Communicate social media usage requirements and monitor compliance.
- B. Block workplace access to social media sites and monitor employee usage.
- C. Train employees how to set up privacy rules on social media sites.
- D. Scan social media sites for company-related information.
3. An information security manager is reviewing the organization's incident response policy affected by a proposed public cloud integration. Which of the following will be the MOST difficult to resolve with the cloud service provider?
- A. Accessing information security event data
- B. Regular testing of incident response plan
- C. Obtaining physical hardware for forensic analysis
- D. Defining incidents and notification criteria