512-50 EC-Council Information Security Manager (E|ISM)

Question 13 (Security Program Management and Operations)

When should IT security project management be outsourced?

  • When organizational resources are limited

  • When the benefits of outsourcing outweigh the inherent risks of outsourcing

  • On new, enterprise-wide security initiatives

  • On projects not forecasted in the yearly budget

Question 14 (Strategic Planning, Finance, Procurement, and Third-Party Management)

Scenario: You are the CISO and have just completed your first risk assessment for your organization. You find many risks with no security controls, and some risks with inadequate controls. You assign work to your staff to create or adjust existing security controls to ensure they are adequate for risk mitigation needs.

When adjusting the controls to mitigate the risks, how often should the CISO perform an audit to verify the controls?

  • Annually

  • Semi-annually

  • Quarterly

  • Never

Question 15 (Governance, Risk, Compliance)

A business unit within your organization intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should the information security manager take?

  • Enforce the existing security standards and do not allow the deployment of the new technology.

  • Amend the standard to permit the deployment.

  • If the risks associated with that technology are not already identified, perform a risk analysis to quantify the risk, and allow the business unit to proceed based on the identified risk level.

  • Permit a 90-day window to see if an issue occurs and then amend the standard if there are no issues.