ECCouncil 512-50 - EC-Council Information Security Manager (E|ISM)
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
This global retail company is expected to accept credit card payments. Which of the following is of MOST concern when defining a security program for this organization?
When updating the security strategic planning document what two items must be included?
Which of the following is a common technology for visual monitoring?
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years.
The organization has already been subject to a significant amount of credit card fraud. Which of the following is the MOST likely reason for this fraud?
A newly-hired CISO needs to understand the organization’s financial management standards for business units
and operations. Which of the following would be the best source of this information?
Providing oversight of a comprehensive information security program for the entire organization is the primary responsibility of which group under the InfoSec governance framework?
Which of the following is a term related to risk management that represents the estimated frequency at which a threat is expected to transpire?
Which of the following best represents a calculation for Annual Loss Expectancy (ALE)?
Many times a CISO may have to speak to the Board of Directors (BOD) about their cyber security posture. What would be the BEST choice of security metrics to present to the BOD?
Which of the following organizations is typically in charge of validating the implementation and effectiveness of security controls?