CISSP PRACTICE QUESTIONS – 20210523

Effective CISSP Questions

Organizations have to ensure the alignment of the security function to business strategy, goals, mission, and objectives. Which of the following statements is least related to the security function? (Wentz QOTD)
A. Employ symmetric cryptographic algorithms to encrypt files.
B. Conduct internal audits to ensure the effectiveness of security controls.
C. Establish a security perimeter to partition nonsecurity functions in a computer system.
D. Assign a person to be in charge of information security and report to senior management.

CISSP PRACTICE QUESTIONS – 20210522

Your company collects and processes consumer information for business purposes and shall comply with laws and regulations that require it to properly dispose of such information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. If a disposal company will be employed, which of the following least likely belongs to your company’s due diligence? (Wentz QOTD)
A. Review an independent audit of the disposal company’s operations.
B. Review and evaluate the disposal company’s information security policies.
C. Enter into and monitor compliance with a contract with the disposal company.
D. Require that the disposal company be certified by a recognized trade association.

CISSP PRACTICE QUESTIONS – 20210520

As a CISO, you are developing the information security strategy, which needs to be aligned with the corporate strategy and business objectives. Which of the following tasks should be done first? (Wentz QOTD)
A. Conduct the SWOT analysis
B. Develop a portfolio of initiatives
C. Issue information security policies
D. Determine the gap between the desired and current state

CISSP PRACTICE QUESTIONS – 20210519

As part of e-discovery in a legal proceeding over a salary controversy, an unfriendly ex-employee submitted a legal request to your company for a printout of the audit trails in question stored on the SIEM server. Which of the following least affects the admissibility of the printout as evidence? (Wentz QOTD)
A. The best evidence rule
B. Exceptions to the rule against hearsay
C. The beyond a reasonable doubt standard
D. The preponderance of the evidence standard

Business Impact Analysis (BIA) and Risk Assessment

Business Continuity Management History

Many organizations have proposed business continuity methodologies, approaches, frameworks, or standards. The International Organization for Standardization (ISO) is one of the best known; it defined ISO 22301:2019, the standard for business continuity management systems (BCMS). The ISO standard uses the following verbal forms. Similar keywords used in RFCs to indicate requirement levels are defined in RFC 2119.

  • “shall” indicates a requirement;
  • “should” indicates a recommendation;
  • “may” indicates a permission;
  • “can” indicates a possibility or a capability.

CISSP PRACTICE QUESTIONS – 20210517

Your company initiated a business continuity program (BCP) to implement the business continuity management system (BCMS) compliant with ISO 22301. The BCP team is planning for business continuity. Which of the following is the most feasible requirement? (Wentz QOTD)
A. The BCP team shall also consider the incident response.
B. Risk assessment shall be completed before business impact analysis.
C. Risk assessment shall be completed during business impact analysis.
D. The scope of BCP shall be enterprise-wide to cover the enterprise as a whole.
