512-50 EC-Council Information Security Manager (E|ISM)

Showing 7–9 of 20 questions

Question 7 (Governance, Risk, Compliance)

Which of the following is the MAIN reason to follow a formal risk management process in an organization that hosts and uses personally identifiable information (PII) as part of its business models and processes?

  • Need to comply with breach disclosure laws

  • Need to transfer the risk associated with hosting PII data

  • Need to better understand the risk associated with using PII data

  • Fiduciary responsibility to safeguard credit card information

Question 8 (Information Security Controls and Audit Management)

The remediation of a specific audit finding is deemed too expensive and will not be implemented. Which of the following is a TRUE statement?

  • The asset is more expensive than the remediation

  • The audit finding is incorrect

  • The asset being protected is less valuable than the remediation costs

  • The remediation costs are irrelevant; it must be implemented regardless of cost.

Question 9 (Information Security Controls and Audit Management)

To have accurate and effective information security policies, how often should the CISO review the organization's policies?

  • Every 6 months

  • Quarterly

  • Before an audit

  • At least once a year