A.Interviewing candidates for information security specialist positions

B.Developing content for security awareness programs

C.Approving access to critical financial systems

D.Vetting information security policies

A.Assigning value to each information asset

B.Classifying and organizing information assets into meaningful groups

C.Creating an inventory of information assets

D.Calculating the risks to which assets are exposed in their current setting

A.Involve internal audit

B.More frequent project milestone meetings

C.More training of staff members

D.Upper management support

A.Identifying the victim of any potential exploits.

B.Assessing the impact of potential threats

C.Finding economic balance between the impact of the risk and the cost of the control

D.Identifying the risk

A.Development of KPI's are most useful when done independently

B.They are a strictly qualitative measure of success

C.They should be standard throughout the organization versus domain-specific so they are more easily correlated

D.They are a strictly quantitative measure of success