CISM Information Security Governance Certified Practice

Q: Which of the following situations would MOST inhibit the effective implementation of security governance?
A: Lack of high-level sponsorship.

Q: Logging is an example of which type of defense against systems compromise?
A: Detection.

Q: When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?
A: Compliance with the organization's information security requirements.

Q: The MOST important characteristic of good security policies is that they:
A: are aligned with organizational goals.

Q: When developing an information security program, what is the MOST useful source of information for determining available resources?
A: Skills inventory.

Q: To justify its ongoing security budget, which of the following would be of MOST use to the information security department?
A: Cost-benefit analysis.

Q: Who is ultimately responsible for the organization's information?
A: Board of directors.

Q: How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
A: Negotiate a local version of the organization's standards.

Q: Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?
A: Include security responsibilities in the job description.

Q: What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?
A: Business case.

Q: An information security manager must understand the relationship between information security and business operations in order to:
A: support organizational objectives.

Q: Which of the following is the MOST important to keep in mind when assessing the value of information?
A: The potential financial loss.

Q: An outcome of effective security governance is:
A: strategic alignment.

Q: Which of the following is the MOST important element of an information security strategy?
A: Defined objectives.

Q: The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:
A: refer the issues to senior management along with any security recommendations.

Q: In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A: conduct a risk assessment.

Q: When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?
A: Information security manager.

Q: Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A: it implies compliance risks.

Q: In implementing information security governance, the information security manager is PRIMARILY responsible for:
A: developing the security strategy.

Q: What will have the HIGHEST impact on standard information security governance models?
A: Complexity of organizational structure.

Q: A security manager meeting the requirements for the international flow of personal data will need to ensure:
A: the agreement of the data subjects.

Q: Which of the following is the MOST important prerequisite for establishing information security management within an organization?
A: Senior management commitment.

Q: To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
A: substantiate the investment in meeting organizational needs.

Q: The FIRST step in developing an information security management program is to:
A: clarify the organizational purpose for creating the program.

Q: To achieve effective strategic alignment of security initiatives, it is important that:
A: inputs be obtained and consensus achieved between the major organizational units.

Q: Which of the following is MOST important in developing a security strategy?
A: Understanding key business objectives.

Q: Who should drive the risk analysis for an organization?
A: Security manager.

Q: Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
A: Regulatory compliance.

Q: An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:
A: alignment.

Q: What would be the MOST significant security risk when using wireless local area network (LAN) technology?
A: Rogue access point.

Q: An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?
A: Proportionality.

Q: What is the PRIMARY role of the information security manager in the process of information classification within an organization?
A: Defining and ratifying the classification structure of information assets.

Q: The MOST useful way to describe the objectives in the information security strategy is through:
A: attributes and characteristics of the "desired state".

Q: In order to highlight to management the importance of network security, the security manager should FIRST:
A: conduct a risk assessment.

Q: Obtaining senior management support for establishing a warm site can BEST be accomplished by:
A: developing a business case.
Q: Information security governance is PRIMARILY driven by:
A: business strategy.

Q: What is the primary purpose of information security governance?
A: Information security governance ensures that an organization has the correct information structure, leadership, and guidance. Governance helps ensure that the organization has the proper administrative controls in place to mitigate risk, while risk analysis helps ensure that the organization properly identifies, analyzes, and mitigates risk.

Q: What are the five goals of information security governance? (From section 2.2, "Security Governance Principles and Desired Outcomes".)
A:
1. Establish organization-wide information security.
2. Adopt a risk-based approach.
3. Set the direction of investment decisions.
4. Ensure conformance with internal and external requirements.
5. Foster a security-positive environment for all stakeholders.

Q: Which answer indicates the purpose of security governance?
A: The purpose of security governance is to align the organization's security program with the needs of the business, so that people and the organization are protected from threats and cyberattacks.