Exam Details

  • Exam Code: 712-50
  • Exam Name: EC-Council Certified CISO (CCISO)
  • Certification: EC-COUNCIL Certifications
  • Vendor: EC-COUNCIL
  • Total Questions: 468 Q&As
  • Last Updated: Mar 09, 2025

EC-COUNCIL EC-COUNCIL Certifications 712-50 Questions & Answers

  • Question 101:

    Scenario: A Chief Information Security Officer (CISO) recently had a third party conduct an audit of the security program. Internal policies and international standards were used as audit baselines. The audit report was presented to the CISO and a variety of high, medium and low rated gaps were identified.

    After determining the audit findings are accurate, which of the following is the MOST logical next activity?

    A. Validate gaps with the Information Technology team

    B. Begin initial gap remediation analyses

    C. Review the security organization's charter

    D. Create a briefing of the findings for executive management

  • Question 102:

    Scenario: Most industries require compliance with multiple government regulations and/or industry standards to meet data protection and privacy mandates. When multiple regulations or standards apply to your industry, you should set controls to meet the ___________.

    A. Most complex standard

    B. Recommendations of your Legal Staff

    C. Easiest regulation or standard to implement

    D. Stricter regulation or standard

  • Question 103:

    Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs. You have identified potential solutions for all of your risks that do not have security controls.

    What is the NEXT step?

    A. Create risk metrics for all unmitigated risks

    B. Get approval from the board of directors

    C. Verify that the cost of mitigation is less than the risk

    D. Screen potential vendor solutions

  • Question 104:

    Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers."

    Which group of people should be consulted when developing your security program?

    A. Peers

    B. End Users

    C. All of the above

    D. Executive Management

  • Question 105:

    Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Using the best business practices for project management, you determine that the project correctly aligns with the organization goals.

    What should be verified next?

    A. Scope

    B. Constraints

    C. Resources

    D. Budget

  • Question 106:

    Scenario: The new CISO was informed of all the Information Security projects that the section has in progress. Two projects are over a year behind schedule and way over budget. Which of the following will be most helpful for getting an Information Security project that is behind schedule back on schedule?

    A. Upper management support

    B. Involve internal audit

    C. More frequent project milestone meetings

    D. More training of staff members

  • Question 107:

    You have just been hired as the new CISO and are being briefed on all the Information Security projects that your section has ongoing. You discover that most projects are behind schedule and over budget. Using the best business practices for project management, you determine that the project correctly aligns with the company goals.

    What needs to be verified FIRST?

    A. Training of the personnel on the project

    B. Timeline of the project milestones

    C. Vendor for the project

    D. Scope of the project

  • Question 108:

    The new CISO was informed of all the Information Security projects that the organization has in progress. Two projects are over a year behind schedule and over budget. Using best business practices for project management, you determine that the project correctly aligns with the company goals.

    Which of the following needs to be performed NEXT?

    A. Verify technical resources

    B. Verify capacity constraints

    C. Verify the scope of the project

    D. Verify the regulatory requirements

  • Question 109:

    Scenario: Critical servers show signs of erratic behavior within your organization's intranet. Initial information indicates the systems are under attack from an outside entity. As the Chief Information Security Officer (CISO), you decide to deploy the Incident Response Team (IRT) to determine the details of this incident and take action according to the information available to the team. During initial investigation, the team suspects criminal activity but cannot initially prove or disprove illegal actions.

    What is the MOST critical aspect of the team's activities?

    A. Regular communication of incident status to executives

    B. Preservation of information

    C. Eradication of malware and system restoration

    D. Determination of the attack source

  • Question 110:

    Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.

    Once supervisors and data owners have approved requests, information system administrators will implement:

    A. Management control(s)

    B. Technical control(s)

    C. Operational control(s)

    D. Policy control(s)
