search

Which of the following factors is a primary driver for information security governance that does not require any further justification?

1 Jahrs vor
Kommentare: 0
Ansichten: 57

How do you want to study today?

Answer: A
Explanation:
Data classification is determined by the business risk, i.e., the potential impact on the business of the loss, corruption or disclosure of information. It must be applied to information in all forms, both electronic and physical (paper), and should be applied by the data owner, not the security manager. Choice B is an incomplete answer because it addresses only privacy issues, while choice A is a more complete response. Data classification is determined by the business risk, i.e., the potential impact on the business of the loss, corruption or disclosure of information. It must be applied to information in all forms, both electronic and physical (paper), and should be applied by the data owner, not the security manager.

Sets with similar terms

Which of the following situations would MOST inhibit the effective implementation of security governance:

Options are :

  • High-level sponsorship
  • Budgetary constraints
  • The complexity of technology
  • Conflicting business priorities

Answer : High-level sponsorship

CISM Information Security Governance Certified Practice

Logging is an example of which type of defense against systems compromise?

Options are :

  • Detection
  • Recovery
  • Containment
  • Reaction

Answer : Detection

When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?

Options are :

  • Compliance with international security standards.
  • Existence of an alternate hot site in case of business disruption.
  • Compliance with the organization's information security requirements
  • Use of a two-factor authentication system

Answer : Compliance with the organization's information security requirements

The MOST important characteristic of good security policies is that they:

Options are :

  • are aligned with organizational goals.
  • govern the creation of procedures and guidelines.
  • state expectations of IT management
  • state only one general security mandate.

Answer : are aligned with organizational goals.

CISM Information Security Governance Practice Test Set 4

When developing an information security program, what is the MOST useful source of information for determining available resources?

Options are :

  • Organization chart
  • Proficiency test
  • Skills inventory
  • Job descriptions

Answer : Skills inventory

To justify its ongoing security budget, which of the following would be of MOST use to the information security' department?

Options are :

  • Cost-benefit analysis
  • Security breach frequency
  • Peer group comparison
  • Annualized loss expectancy (ALE)

Answer : Cost-benefit analysis

Who is ultimately responsible for the organization's information?

Options are :

  • Data custodian
  • Chief information officer (CIO)
  • Board of directors
  • Chief information security officer (CISO)

Answer : Board of directors

CISM Information Risk Management Certification

How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?

Options are :

  • Follow local regulations only
  • Negotiate a local version of the organization standards
  • Make the organization aware of those standards where local regulations causes conflicts
  • Give organization standards preference over local regulations

Answer : Negotiate a local version of the organization standards

Which of the following would be the BEST option to improve accountability for a system administrator who has security functions?

Options are :

  • Require the administrator to obtain security certification
  • Train the system administrator on risk assessment
  • Train the system administrator on penetration testing and vulnerability assessment
  • Include security responsibilities in the job description

Answer : Include security responsibilities in the job description

What would a security manager PRIMARILY utilize when proposing the implementation of a security solution?

Options are :

  • Budgetary requirements
  • Technical evaluation report
  • Business case
  • Risk assessment report

Answer : Business case

CISM Certified Information Security Manager Test Practice Mock

An information security manager must understand the relationship between information security and business operations in order to:

Options are :

  • understand the threats to the business.
  • determine likely areas of noncompliance.
  • assess the possible impacts of compromise.
  • support organizational objectives.

Answer : support organizational objectives.

Which of the following is the MOST important to keep in mind when assessing the value of information?

Options are :

  • The potential financial loss
  • The cost of insurance coverage
  • Regulatory requirement
  • The cost of recreating the information

Answer : The potential financial loss

An outcome of effective security governance is:

Options are :

  • business dependency assessment
  • strategic alignment.
  • risk assessment.
  • planning.

Answer : strategic alignment.

CISM Information Risk Management Certification

Which of the following is the MOST important element of an information security strategy?

Options are :

  • Adoption of a control framework
  • Complete policies
  • Time frames for delivery
  • Defined objectives

Answer : Defined objectives

The MOST effective approach to address issues that arise between IT management, business units and security management when implementing a new security strategy is for the information security manager to:

Options are :

  • refer the issues to senior management along with any security recommendations.
  • ensure that senior management provides authority for security to address the issues.
  • insist that managers or units not in agreement with the security solution accept the risk.
  • escalate issues to an external third party for resolution

Answer : refer the issues to senior management along with any security recommendations.

In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:

Options are :

  • develop an information security policy.
  • conduct a risk assessment.
  • btain benchmarking information.
  • prepare a security budget.

Answer : conduct a risk assessment.

CISM Information Risk Management Certification

When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

Options are :

  • System users
  • Business management
  • Information security manager
  • Operations manager

Answer : Information security manager

Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:

Options are :

  • it violates industry security practices.
  • short-term impact cannot be determined.
  • changes in the roles matrix cannot be detected.
  • it implies compliance risks.

Answer : it implies compliance risks.

In implementing information security governance, the information security manager is PRIMARILY responsible for:

Options are :

  • developing the security strategy.
  • approving the security strategy
  • communicating the security strategy.
  • reviewing the security strategy

Answer : developing the security strategy.

CISM Information Security Governance Practice Test Set 4

What will have the HIGHEST impact on standard information security governance models?

Options are :

  • Distance between physical locations
  • Number of employees
  • Complexity of organizational structure
  • Organizational budget

Answer : Complexity of organizational structure

A security manager meeting the requirements for the international flow of personal data will need to ensure:

Options are :

  • a data protection registration.
  • a data processing agreement
  • the agreement of the data subjects.
  • subject access procedures.

Answer : the agreement of the data subjects.

Which of the following is the MOST important prerequisite for establishing information security management within an organization?

Options are :

  • Senior management commitment
  • Information security framework
  • Information security policy
  • Information security organizational structure

Answer : Senior management commitment

CISM Information Risk Management Certification Practice

To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:

Options are :

  • review the functionalities and implementation requirements of the solution.
  • provide examples of situations where such a tool would be useful.
  • review comparison reports of tool implementation in peer companies.
  • substantiate the investment in meeting organizational needs.

Answer : substantiate the investment in meeting organizational needs.

The FIRST step in developing an information security management program is to:

Options are :

  • clarify organizational purpose for creating the program.
  • identify business risks that affect the organization.
  • assign responsibility for the program.
  • assess adequacy of controls to mitigate business risks.

Answer : clarify organizational purpose for creating the program.

To achieve effective strategic alignment of security initiatives, it is important that:

Options are :

  • Steering committee leadership be selected by rotation.
  • Inputs be obtained and consensus achieved between the major organizational units
  • The business strategy be updated periodically.
  • Procedures and standards be approved by all departmental heads.

Answer : Inputs be obtained and consensus achieved between the major organizational units

CISM Information Risk Management Certification

Which of the following is MOST important in developing a security strategy?

Options are :

  • Having a reporting line to senior management
  • Creating a positive business security environment
  • Understanding key business objectives
  • Allocating sufficient resources to information security

Answer : Understanding key business objectives

Who should drive the risk analysis for an organization?

Options are :

  • Quality manager
  • Security manager
  • Legal department
  • Senior management

Answer : Security manager

Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

Options are :

  • Business continuity investment
  • Alignment with industry best practices
  • Regulatory compliance
  • Business benefits

Answer : Regulatory compliance

CISM Information Security Program Management

An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:

Options are :

  • integration.
  • alignment.
  • value delivery
  • performance measurement.

Answer : alignment.

What would be the MOST significant security risks when using wireless local area network (LAN) technology?

Options are :

  • Man-in-the-middle attack
  • Session hijacking
  • Rogue access point
  • Spoofing of data packets

Answer : Rogue access point

An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?

Options are :

  • Proportionality
  • Ethics
  • Integration
  • Accountability

Answer : Proportionality

CISM Incident Management and Response Practice

What is the PRIMARY role of the information security manager in the process of information classification within an organization?

Options are :

  • Deciding the classification levels applied to the organization's information assets
  • Defining and ratifying the classification structure of information assets
  • Securing information assets in accordance with their classification
  • Checking if information assets have been classified properly

Answer : Defining and ratifying the classification structure of information assets

The MOST useful way to describe the objectives in the information security strategy is through:

Options are :

  • attributes and characteristics of the 'desired state."
  • calculation of annual loss expectations
  • mapping the IT systems to key business processes.
  • overall control objectives of the security program.

Answer : attributes and characteristics of the 'desired state."

In order to highlight to management the importance of network security, the security manager should FIRST:

Options are :

  • develop a security architecture.
  • conduct a risk assessment.
  • install a network intrusion detection system (NIDS) and prepare a list of attacks
  • develop a network security policy.

Answer : conduct a risk assessment.

Obtaining senior management support for establishing a warm site can BEST be accomplished by:

Options are :

  • developing effective metrics.
  • developing a business case
  • promoting regulatory requirements.
  • establishing a periodic risk assessment

Answer : developing a business case

What is our information security governance primarily driven by?

Information security governance is PRIMARILY driven by: business strategy.

What is the primary purpose of information security governance?

Information security governance ensures that an organization has the correct information structure, leadership, and guidance. Governance helps ensure that a company has the proper administrative controls to mitigate risk. Risk analysis helps ensure that an organization properly identifies, analyzes, and mitigates risk.

What are the five goals of information security governance?

2.2 Security Governance Principles and Desired Outcomes.
Establish organizationwide information security. ... .
Adopt a risk-based approach. ... .
Set the direction of investment decisions. ... .
Ensure conformance with internal and external requirements. ... .
Foster a security-positive environment for all stakeholders..

Which answer indicates the purpose for security governance?

Which Answer Indicates The Purpose For Security Governance? The purpose of Security Governance is to protect people from threats and cyberattacks. Aligning the organization's security program with the business's needs was identified.

factors primary driver information security governance require justification

zusammenhängende Posts

Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system quizlet?
Which of the following identification and authentication factors are often well known or easily discovered by others on the same network or system quizlet?

Which of the following is one of the biggest factors of an environments effect on structure that allows organizations to focus on efficiency?
Which of the following is one of the biggest factors of an environments effect on structure that allows organizations to focus on efficiency?

Which of the following does your textbook discuss as major factors in demographic audience analysis?
Which of the following does your textbook discuss as major factors in demographic audience analysis?

Which of the following factors are important to keep in mind when giving a speech online quizlet?
Which of the following factors are important to keep in mind when giving a speech online quizlet?

What research seeks to identify whether an association or relationship between two factors exists?
What research seeks to identify whether an association or relationship between two factors exists?

Which of the following motivating factors or concepts is important to all workers regardless of their national culture?
Which of the following motivating factors or concepts is important to all workers regardless of their national culture?

Which factors should the nurse identify as increasing a patient’s risk for hypovolemic hyponatremia?
Which factors should the nurse identify as increasing a patient’s risk for hypovolemic hyponatremia?

The authors of the excerpt above were most likely motivated by which of the following factors?
The authors of the excerpt above were most likely motivated by which of the following factors?

What factors contributed to and characterized industrialization in the period from 1750 to 1900?
What factors contributed to and characterized industrialization in the period from 1750 to 1900?

Which factors influence vocabulary speech and comprehension in preschoolers select all that apply one some or all responses may be correct?
Which factors influence vocabulary speech and comprehension in preschoolers select all that apply one some or all responses may be correct?

Werbung

NEUESTEN NACHRICHTEN

Which of the following are website design features that not annoy customers?
1 Jahrs vor . durch UnyieldingHurricane
Hyperefficient chips of the future may also be made out of carbon nanotubes.
1 Jahrs vor . durch AdvancedAbsurdity
Ab in den Urlaub Login funktioniert nicht
1 Jahrs vor . durch UngratefulCabal
Sibylle berg ein paar leute suchen das glück und lachen sich tot
1 Jahrs vor . durch BloodshotScenery
Nicht schon wieder an die Ostsee text
1 Jahrs vor . durch LunaticAdultery
Indirect methods for determining which evaluative criteria are being used include
1 Jahrs vor . durch OverstuffedMailing
What are 4 most important factors influencing consumer purchasing decisions?
1 Jahrs vor . durch GalvanizedGrappling
When evaluating research material the three primary evaluation criteria are?
1 Jahrs vor . durch Down-to-earthRedemption
Was geht durch eine Tür aber geht niemals rein und kommt niemals raus Lösung
1 Jahrs vor . durch RepulsivePullman
E-bike mit bosch motor 85 nm
1 Jahrs vor . durch UntrainedTuesday

Werbung

Populer

Werbung

Um

Legal

Hilfe

Sozial

homeentrdeptjp
Urheberrechte © © 2024 membukakan Inc.