Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

1. A. Defining information stewardship roles
2. B. Defining security asset categorization
3. C. Assigning information asset ownership
4. D. Developing a records retention schedule

Correct Answer: C

Which of the following is the MOST important criterion when deciding whether to accept residual risk?

1. A. Cost of replacing the asset
2. B. Cost of additional mitigation
3. C. Annual loss expectancy (ALE)
4. D. Annual rate of occurrence

Correct Answer: A

Which of the following BEST ensures timely and reliable access to services?

1. A. Nonrepudiation
2. B. Authenticity
3. C. Availability
4. D. Recovery time objective (RTO)

Correct Answer: C

Which of the following will provide the MOST guidance when deciding the level of protection for an information asset?

1. A. Impact on information security program
2. B. Cost of controls
3. C. Impact to business function
4. D. Cost to replace

Correct Answer: C
When deciding the level of protection for an information asset, the most important factor to consider is the impact to the business function. The value of the asset should be evaluated in terms of its importance to the organization's operations and how its security posture affects the organization's overall security posture. Additionally, the cost of implementing controls, the potential impact on the information security program, and the cost to replace the asset should be taken into account when determining the appropriate level of protection for the asset.

Which of the following is the MOST effective way to help staff members understand their responsibilities for information security?

1. A. Communicate disciplinary processes for policy violations.
2. B. Require staff to participate in information security awareness training.
3. C. Require staff to sign confidentiality agreements.
4. D. Include information security responsibilities in job descriptions.

Correct Answer: B