Article 4 of 4. Part of: Prioritize information governance in content management

As strict privacy laws challenge organizations, information governance is the answer. This quiz can help business leaders test their knowledge of information governance basics.

If organizations want to optimize productivity, reduce storage costs and maintain compliance, they should implement an information governance plan. Information governance is a set of processes, roles and tools that streamline information management, mitigate security risks, ensure regulatory compliance and make information accessible to those who need it.

Poorly managed information can make documents and other digital resources difficult for workers to find. However, well-managed information can increase productivity and help workers search for relevant and up-to-date documents. Information governance can also cut storage costs and help organizations remain compliant with privacy regulations, such as the European Union's GDPR and California's CCPA. Failure to adhere to compliance regulations can result in steep penalties and damage an organization's reputation.

Many organizations took on digital transformation projects throughout the 2010s, so the information governance market grew. Organizations that undergo digital transformation can collect and store more data than companies with physical repositories, so they require more elaborate information governance policies. Since the late 2010s, many organizations have completed simple information governance projects, such as digitizing paper documents, and shifted focus to data retention and cleansing projects.

As organizations store more data and customers increasingly demand stricter privacy laws, information governance becomes more critical. In fact, many organizations have added governance roles, such as chief information governance officer (CIGO), into their C-suites.
The following quiz can help business professionals test their knowledge of information governance basics.

Editor's note: This information governance quiz was originally written by Jonathan Gourley in 2011, and then updated and expanded by Tim Murphy in 2022.

Senior management commitment and support for information security can BEST be obtained through presentations that:
Answer: tie security risks to key business objectives.

Successful implementation of information security governance will FIRST require:
Answer: updated security policies

The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
Answer: application systems and media.

Which of the following are seldom changed in response to technological changes?
Answer: Policies

Which of the following roles would represent a conflict of interest for an information security manager?
Answer: Final approval of information security policies

Which of the following would be the MOST important goal of an information security governance program?
Answer: Ensuring trust in data

Which of the following is MOST likely to be discretionary?
Answer: Guidelines

Investments in information security technologies should be based on:
Answer: value analysis

When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
Answer: Establish good communication with steering committee members

Retention of business records should PRIMARILY be based on:
Answer: regulatory and legal requirements.

Relationships among security technologies are BEST defined through which of the following?
Answer: Security architecture

It is MOST important that information security architecture be aligned with which of the following?
Answer: Business objectives and goals

The MOST appropriate role for senior management in supporting information security is the:
Answer: approval of policy statements and funding.

Which of the following requirements would have the lowest level of priority in information security?
Answer: Technical

Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
Answer: Better alignment to business unit needs

Information security governance is PRIMARILY driven by:
Answer: business strategy.

Which of the following is MOST appropriate for inclusion in an information security strategy?
Answer: Security processes, methods, tools and techniques

Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
Answer: Chief operating officer (COO)

Which of the following should be the FIRST step in developing an information security plan?
Answer: Analyze the current business strategy

Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
Answer: The data center manager has final signoff on all security projects.

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
Answer: Chief operating officer (COO)

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
Answer: organizational risk

The MOST important component of a privacy policy is:
Answer: notifications.

Which of the following represents the MAJOR focus of privacy regulations?
Answer: Identifiable personal data

Security technologies should be selected PRIMARILY on the basis of their:
Answer: ability to mitigate business risks

Which of the following would BEST ensure the success of information security governance within an organization?
Answer: Steering committees approve security projects

The cost of implementing a security control should not exceed the:
Answer: asset value

When a security standard conflicts with a business objective, the situation should be resolved by:
Answer: performing a risk analysis

Minimum standards for securing the technical infrastructure should be defined in a security:
Answer: architecture.

Which of the following is characteristic of centralized information security management?
Answer: Better adherence to policies

The PRIMARY goal in developing an information security strategy is to:
Answer: support the business objectives of the organization.

When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
Answer: aligned with the business strategy.

Information security policy enforcement is the responsibility of the:
Answer: chief information security officer (CISO).

What is the most important goal of information security governance?
The goal of information security governance is to align business and IT strategies with organizational objectives.

Which of the following falls within the scope of an information security governance committee?
Which of the following MOST commonly falls within the scope of an information security governance steering committee? Prioritizing information security initiatives is the only appropriate item.

What is our information security governance primarily driven by?
Information security governance is PRIMARILY driven by: business strategy.