512-50 Exam Free Question Set: "EC-COUNCIL EC-Council Information Security Manager (E|ISM) Certification"

The Information Security Governance program MUST:

Which of the following BEST describes an international standard framework that is based on the security model Information Technology-Code of Practice for Information Security Management?

Which of the following functions evaluates risk present in IT initiatives and/or systems when implementing an information security program?

A security officer wants to implement a vulnerability scanning program. The officer is uncertain of the state of vulnerability resiliency within the organization's large IT infrastructure. What would be the BEST approach to minimize scan data output while retaining a realistic view of system vulnerability?

The success of the Chief Information Security Officer is MOST dependent upon:

Which of the following is the MOST important component of any change management process?

Which of the following is considered the foundation for the Enterprise Information Security Architecture (EISA)?

You have a system with 2 identified risks. You determine the probability of one risk occurring is higher than the

Which of the following is true regarding expenditures?

A severe security threat has been detected on your corporate network. As CISO you quickly assemble key members of the Information Technology team and business operations to determine a modification to security controls in response to the threat. This is an example of:

Scenario: As you begin to develop the program for your organization, you assess the corporate culture and determine that there is a pervasive opinion that the security program only slows things down and limits the performance of the "real workers." What must you do first in order to shift the prevailing opinion and reshape corporate culture to understand the value of information security to the organization?

Scenario: Your organization employs single sign-on (user name and password only) as a convenience to your employees to access organizational systems and data. Permission to individual systems and databases is vetted and approved through supervisors and data owners to ensure that only approved personnel can use particular applications or retrieve information. All employees have access to their own human resource information, including the ability to change their bank routing and account information and other personal details through the Employee Self-Service application. All employees have access to the organizational VPN.
The organization wants a more permanent solution to the threat of user credential compromise through phishing. What technical solution would BEST address this issue?

An organization has implemented a change management process for all changes to the IT production environment. This change management process follows best practices and is expected to help stabilize the availability and integrity of the organization's IT environment. Which of the following can be used to measure the effectiveness of this newly implemented process?