The MOST complete business case for security solutions is one that: Options are :
Answer : includes appropriate justification

CISM Information Security Program Management Test

An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What actions should the board take next? Options are :
Answer : Require management to report on compliance

Investment in security technology and processes should be based on: Options are :
Answer : clear alignment with the goals and objectives of the organization.

Which of the following is the BEST method or technique to ensure the effective implementation of an information security program? Options are :
Answer : Obtain the support of the board of directors.

CISM Information Security Program Management Practice

Which of the following is MOST important to understand when developing a meaningful information security strategy? Options are :
Answer : Organizational goals

A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the information security program? Options are :
Answer : Cultures of the different countries

Which of the following is a benefit of information security governance? Options are :
Answer : Questioning trust in vendor relationships

CISM Information Security Program Development

Which of the following should be determined while defining risk management strategies? Options are :
Answer : Organizational objectives and risk appetite

Which of the following would help to change an organization's security culture? Options are :
Answer : Obtain strong management support

What is the MOST important factor in the successful implementation of an enterprise-wide information security program? Options are :
Answer : Support of senior management

CISM Information Security Program Management Test

The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that: Options are :
Answer : the plan aligns with the organization's business plan.

When an organization is implementing an information security governance program, its board of directors should be responsible for: Options are :
Answer : setting the strategic direction of the program.

The data access requirements for an application should be determined by the: Options are :
Answer : business owner.

CISM Incident Management Response Certified Practice Exam Set 3

A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BEST approach of the information security manager? Options are :
Answer : Review of the assessment with executive management for final input

An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees flood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of: Options are :
Answer : conflicting security controls with organizational needs.

Which of the following is the BEST reason to perform a business impact analysis (BIA)? Options are :
Answer : To help determine the current state of risk

CISM Information Security Program Development Practice Exam

Information security should be: Options are :
Answer : a balance between technical and business requirements.

Which of the following is an advantage of a centralized information security organizational structure? Options are :
Answer : It is easier to manage and control

Who is responsible for ensuring that information is categorized and that specific protective measures are taken? Options are :
Answer : Senior management

CISM Information Security Program Management Test

From an information security perspective, information that no longer supports the main purpose of the business should be: Options are :
Answer : analyzed under the retention policy.

Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept? Options are :
Answer : Continuous analysis, monitoring and feedback

Which of the following is the BEST justification to convince management to invest in an information security program? Options are :
Answer : Increased business value

CISM Incident Management and Response Practice Exam

The BEST way to justify the implementation of a single sign-on (SSO) product is to use: Options are :
Answer : a business case.

The MOST important factor in ensuring the success of an information security program is effective: Options are :
Answer : alignment with organizational goals and objectives.

On a company's e-commerce web site, a good legal statement regarding data privacy should include: Options are :
Answer : a statement regarding what the company will do with the information it collects.

CISM Information Risk Management Certification Practice

The FIRST step to create an internal culture that focuses on information security is to: Options are :
Answer : gain the endorsement of executive management.

Effective IT governance is BEST ensured by: Options are :
Answer : utilizing a top-down approach.

Which of the following should be included in an annual information security budget that is submitted for management approval? Options are :
Answer : A cost-benefit analysis of budgeted resources

CISM Information Risk Management Certification Test

The FIRST step in establishing a security governance program is to: Options are :
Answer : obtain high-level sponsorship.

The organization has decided to outsource the majority of the IT department with a vendor that is hosting servers in a foreign country. Of the following, which is the MOST critical security consideration? Options are :
Answer : Laws and regulations of the country of origin may not be enforceable in the foreign country.

Which of the following would be MOST helpful to achieve alignment between information security and organization objectives? Options are :
Answer : A security program that enables business activities

CISM Information Risk Management Certification

What is the MAIN risk when there is no user management representation on the Information Security Steering Committee? Options are :
Answer : Information security plans are not aligned with business requirements

An organization's information security strategy should be based on: Options are :
Answer : managing risk relative to business objectives.

When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider? Options are :
Answer : Preserving the confidentiality of sensitive data

CISM Information Risk Management Certification

Which of the following is the most important element when developing an information security strategy?
Which of the following is the MOST important element of an information security strategy? Explanation: Without defined objectives, a strategy (the plan to achieve objectives) cannot be developed.

Which of the following is most important in developing a security strategy?
Which of the following is MOST important in developing a security strategy? Explanation: Alignment with business strategy is of utmost importance.

Which of the following choices is the most important consideration when developing the security strategy of a company operating in different countries?
A mission critical system has been identified as having an administrative system account with attributes that prevent locking and change of privilege and name.

Which of the following is the most important reason for an organization to develop an information security governance?
Which of the following is the MOST important reason for an organization to develop an information security governance program?
The PRIMARY purpose of aligning information security with corporate governance objectives is to: A. build capabilities to improve security processes.