Tag - CISM exam

Which of the following is MOST appropriate for inclusion in an information security strategy?A . Business controls designated as key controlsB . Security processes, methods, tools and techniquesC . Firewall rule sets, network defaults and intrusion detection system (IDS) settingsD . Budget estimates to acquire specific security toolsView AnswerAnswer: B...

Who should drive the risk analysis for an organization?A . Senior managementB . Security managerC . Quality managerD . Legal departmentView AnswerAnswer: B Explanation: Although senior management should support and sponsor a risk analysis, the know-how and the management of the project will be with the security department. Quality management...

At what stage of the applications development process should the security department initially become involved?A . When requestedB . At testingC . At programmingD . At detail requirementsView AnswerAnswer: D Explanation: Information security has to be integrated into the requirements of the application's design. It should also be part of...

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?A . Enforce the existing security standardB . Change the standard to permit the deploymentC . Perform a risk analysis...

A good privacy statement should include:A . notification of liability on accuracy of information.B . notification that information will be encrypted.C . what the company will do with information it collects.D . a description of the information classification process.View AnswerAnswer: C Explanation: Most privacy laws and regulations require disclosure on...

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?A . Examples of genuine incidents at similar organizationsB . Statement of generally accepted best practicesC . Associating realistic threats to corporate...

An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:A . performance measurement.B . integration.C . alignment.D . value delivery.View AnswerAnswer: C Explanation: Strategic alignment of security with business objectives is a key indicator of performance measurement. In guiding a security...

Which of the following is the MOST important information to include in a strategic plan for information security?A . Information security staffing requirementsB . Current state and desired future stateC . IT capital investment requirementsD . information security mission statementView AnswerAnswer: B Explanation: It is most important to paint a...

Which of the following requirements would have the lowest level of priority in information security?A . TechnicalB . RegulatoryC . PrivacyD . BusinessView AnswerAnswer: A Explanation: Information security priorities may, at times, override technical specifications, which then must be rewritten to conform to minimum security standards. Regulatory and privacy requirements...

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:A . baseline.B . strategy.C . procedure.D . policy.View AnswerAnswer: D Explanation: A policy is a high-level statement of an organization's beliefs, goals, roles and...