EC Council Certified CISO Set 3

The effective implementation of security controls can be viewed as an inhibitor to rapid Information technology implementations. ✘ Technology Governance is focused on process risks whereas Security Governance is focused on business risk. ✘ Technology governance defines technology policies and standards while security governance does not. ✘ Security governance defines technology best practices and Information Technology governance does not. ✔

How the security operations team will behave to reported incidents ✘ How vulnerabilities can potentially be exploited in systems that impact the organization ✘ How the firewall and other security devices are configured to prevent attacks ✘ How the incident management team prepares to handle an attack ✔

Security Operations Center (SOC) ✘ Chief Information Security Officer (CISO) ✘ Disaster Recovery (DR) manager ✘ Incident response Team (IRT) ✔

Outsource compliance to a 3rd party vendor and let them manage the program. ✘ Have Compliance Direct Information Security to fix issues after the auditor's report. ✘ Only check compliance right before the auditors are scheduled to arrive onsite. ✘ Have Compliance and Information Security partner to correct issues as they arise. ✔

following the recommendations of consultants and contractors ✘ raising awareness of security issues with end users ✘ favorable audit findings ✘ development of relationships with organization executives ✔

Identify and assess the risk assessment process used by management. ✘ Identify and evaluate existing controls. ✘ Identify information assets and the underlying systems. ✘ Disclose the threats and impacts to management. ✔

Originating IP-Address ✘ Date and time of the event ✘ Failure of the event ✘ Authentication type ✔

Communicate details of information security incidents ✘ Create effective policies detailing program activities ✘ Ensure efficient recovery and reinstate repaired systems ✘ Provide current employee awareness programs ✔

Scope ✘ Schedule ✘ Staff ✘ Scan tools ✔

An administrator with too much time on their hands ✘ Supporting the concept of layered security ✘ Network segmentation ✘ Putting undue time commitment on the system administrator ✔