QUESTION: 189 Exam Topic: 3, Security Program Management and Operations

The security team has investigated the theft/loss of several unencrypted laptop computers containing sensitive corporate information. To prevent the loss of any additional corporate data it is unilaterally decided by the CISO that all existing and future laptop computers will be encrypted. Soon, the help desk is flooded with complaints about the slow performance of the laptops and users are upset.
What did the CISO do wrong? (choose the BEST answer):

Failed to identify all stakeholders and their needs
Deployed the encryption solution in an inadequate manner
Used 1024 bit encryption when 256 bit would have sufficed
Used hardware encryption instead of software encryption

Answer(s): A

Reveal Solution Next Question

QUESTION: 190 Exam Topic: 3, Security Program Management and Operations

When gathering security requirements for an automated business process improvement program, which of the following is MOST important?

Type of data contained in the process/system
Type of connection/protocol used to transfer the data
Type of encryption required for the data once it is at rest
Type of computer the data is processed on

Answer(s): A

Reveal Solution Next Question

QUESTION: 191 Exam Topic: 3, Security Program Management and Operations

When selecting a security solution with reoccurring maintenance costs after the first year (choose the BEST answer):

The CISO should cut other essential programs to ensure the new solution's continued use
Communicate future operating costs to the CIO/CFO and seek commitment from them to ensure the new solution's continued use
Defer selection until the market improves and cash flow is positive
Implement the solution and ask for the increased operating cost budget when it is time

Answer(s): B

Reveal Solution Next Question