Tag - CISM exam

Which of the following is the MOST important prerequisite for establishing information security management within an organization?A . Senior management commitmentB . Information security frameworkC . Information security organizational structureD . Information security policyView AnswerAnswer: A Explanation: Senior management commitment is necessary in order for each of the other elements...

An information security manager at a global organization has to ensure that the local information security program will initially ensure compliance with the:A . corporate data privacy policy.B . data privacy policy where data are collected.C . data privacy policy of the headquarters' country.D . data privacy directive applicable globally.View...

Which of the following is the MOST important information to include in an information security standard?A . Creation dateB . Author nameC . Initial draft approval dateD . Last review dateView AnswerAnswer: D Explanation: The last review date confirms the currency of the standard, affirming that management has reviewed the...

What is the PRIMARY role of the information security manager in the process of information classification within an organization?A . Defining and ratifying the classification structure of information assetsB . Deciding the classification levels applied to the organization's information assetsC . Securing information assets in accordance with their classificationD ....

Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?A . Information security managerB . Chief operating officer (COO)C . Internal auditorD . Legal counselView AnswerAnswer: B Explanation: The chief operating officer (COO) is highly-placed within an organization and...

Which of the following should be the FIRST step in developing an information security plan?A . Perform a technical vulnerabilities assessmentB . Analyze the current business strategyC . Perform a business impact analysisD . Assess the current levels of security awarenessView AnswerAnswer: B Explanation: Prior to assessing technical vulnerabilities or...

The MOST appropriate role for senior management in supporting information security is the:A . evaluation of vendors offering security products.B . assessment of risks to the organization.C . approval of policy statements and funding.D . monitoring adherence to regulatory requirements.View AnswerAnswer: C Explanation: Since the members of senior management are...

When developing an information security program, what is the MOST useful source of information for determining available resources?A . Proficiency testB . Job descriptionsC . Organization chartD . Skills inventoryView AnswerAnswer: D Explanation: A skills inventory would help identify- the available resources, any gaps and the training requirements for developing...

Information security governance is PRIMARILY driven by:A . technology constraints.B . regulatory requirements.C . litigation potential.D . business strategy.View AnswerAnswer: D Explanation: Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in...

Which of the following is MOST likely to be discretionary?A . PoliciesB . ProceduresC . GuidelinesD . StandardsView AnswerAnswer: C Explanation: Policies define security goals and expectations for an organization. These are defined in more specific terms within standards and procedures. Standards establish what is to be done while procedures...