Article 4 of 4 Part of: Prioritize information governance in content management
As strict privacy laws challenge organizations, information governance is the answer. This quiz can help business leaders test their knowledge of information governance basics.
If organizations want to optimize productivity, reduce storage costs and maintain compliance, they should implement an information governance plan.
Information governance is a set of processes, roles and tools that streamline information management, mitigate security risks, ensure regulatory compliance and make information accessible to those who need it. Poorly managed information can make documents and other digital resources difficult for workers to find. However, well-managed information can increase productivity and help workers search for relevant and up-to-date documents.
Information governance can also cut storage costs and help organizations remain compliant with privacy regulations, such as the European Union's GDPR and California's CCPA. Failure to adhere to compliance regulations can result in steep penalties and damage an organization's reputation.
Many organizations took on digital transformation projects throughout the 2010s, so the information governance market grew. Organizations that undergo digital transformation can collect and store more data than companies with physical repositories, so they require more elaborate information governance policies. Since the late 2010s, many organizations have completed simple information governance projects, such as digitizing paper documents, and shifted focus to data retention and cleansing projects.
As organizations store more data and customers increasingly demand stricter privacy laws, information governance becomes more critical. In fact, many organizations have added governance roles, such as chief information governance officer (CIGO), into their C-suites.
The following quiz can help business professionals test their knowledge of information governance basics.
Editor's note: This information governance quiz was originally written by Jonathan Gourley in 2011, and then updated and expanded by Tim Murphy in 2022.
Senior management commitment and support for information security can BEST be obtained through presentations that:
Options are :
- explain the technical risks to the organization.
- use illustrative examples of successful attacks.
- tie security risks to key business objectives.
- evaluate the organization against best security practices.
Answer : tie security risks to key business objectives.
Successful implementation of information security governance will FIRST require:
Options are :
- a security architecture.
- a computer incident management team.
- updated security policies.
- security awareness training.
Answer : updated security policies.
The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
Options are :
- regulatory and legal requirements.
- business strategy and direction.
- storage capacity and shelf life.
- application systems and media.
Answer : application systems and media.
Which of the following are seldom changed in response to technological changes?
Options are :
- Guidelines
- Policies
- Procedures
- Standards
Answer : Policies
Which of the following roles would represent a conflict of interest for an information security manager?
Options are :
- Monitoring adherence to physical security controls
- Final approval of information security policies
- Evaluation of third parties requesting connectivity
- Assessment of the adequacy of disaster recovery plans
Answer : Final approval of information security policies
Which of the following would be the MOST important goal of an information security governance program?
Options are :
- Effective involvement in business decision making
- Review of internal control mechanisms
- Total elimination of risk factors
- Ensuring trust in data
Answer : Ensuring trust in data
Which of the following is MOST likely to be discretionary?
Options are :
- Policies
- Guidelines
- Procedures
- Standards
Answer : Guidelines
Investments in information security technologies should be based on:
Options are :
- vulnerability assessments.
- value analysis.
- audit recommendations.
- business climate.
Answer : value analysis.
When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
Options are :
- Benchmark peer organizations
- Assemble an experienced staff
- Establish good communication with steering committee members
- Develop a security architecture
Answer : Establish good communication with steering committee members
Retention of business records should PRIMARILY be based on:
Options are :
- business ease and value analysis.
- business strategy and direction.
- storage capacity and longevity.
- regulatory and legal requirements.
Answer : regulatory and legal requirements.
Relationships among security technologies are BEST defined through which of the following?
Options are :
- Process improvement models
- Security architecture
- Network topology
- Security metrics
Answer : Security architecture
It is MOST important that information security architecture be aligned with which of the following?
Options are :
- Business objectives and goals
- Information security best practices
- Industry best practices
- Information technology plans
Answer : Business objectives and goals
The MOST appropriate role for senior management in supporting information security is the:
Options are :
- assessment of risks to the organization.
- approval of policy statements and funding.
- evaluation of vendors offering security products.
- monitoring adherence to regulatory requirements.
Answer : approval of policy statements and funding.
Which of the following requirements would have the lowest level of priority in information security?
Options are :
- Regulatory
- Technical
- Privacy
- Business
Answer : Technical
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
Options are :
- Better alignment to business unit needs
- Better adherence to policies
- More savings in total operating costs
- More uniformity in quality of service
Answer : Better alignment to business unit needs
Information security governance is PRIMARILY driven by:
Options are :
- regulatory requirements.
- business strategy.
- litigation potential.
- technology constraints.
Answer : business strategy.
Which of the following is MOST appropriate for inclusion in an information security strategy?
Options are :
- Security processes, methods, tools and techniques
- Business controls designated as key controls
- Firewall rule sets, network defaults and intrusion detection system (IDS) settings
- Budget estimates to acquire specific security tools
Answer : Security processes, methods, tools and techniques
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
Options are :
- Legal counsel
- Information security manager
- Chief operating officer (COO)
- Internal auditor
Answer : Chief operating officer (COO)
Which of the following should be the FIRST step in developing an information security plan?
Options are :
- Perform a business impact analysis
- Analyze the current business strategy
- Assess the current levels of security awareness
- Perform a technical vulnerabilities assessment
Answer : Analyze the current business strategy
Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
Options are :
- The chief information officer (CIO) approves security policy changes.
- The data center manager has final signoff on all security projects.
- The information security department has difficulty filling vacancies.
- The information security oversight committee only meets quarterly.
Answer : The data center manager has final signoff on all security projects.
Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
Options are :
- Chief legal counsel (CLC)
- Chief privacy officer (CPO)
- Chief security officer (CSO)
- Chief operating officer (COO)
Answer : Chief operating officer (COO)
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
Options are :
- organizational risk.
- the responsibilities of organizational units.
- organization-wide metrics.
- security needs.
Answer : organizational risk.
The MOST important component of a privacy policy is:
Options are :
- geographic coverage.
- liabilities.
- warranties.
- notifications.
Answer : notifications.
Options are :
- Human rights protection
- Identifiable personal data
- Unrestricted data mining
- Identity theft
Answer : Identifiable personal data
Security technologies should be selected PRIMARILY on the basis of their:
Options are :
- ability to mitigate business risks.
- evaluations in trade publications.
- benefits in comparison to their costs.
- use of new and emerging technologies.
Answer : ability to mitigate business risks.
Which of the following would BEST ensure the success of information security governance within an organization?
Options are :
- Steering committees enforce compliance with laws and regulations
- Security policy training provided to all managers
- Security training available to all employees on the intranet
- Steering committees approve security projects
Answer : Steering committees approve security projects
The cost of implementing a security control should not exceed the:
Options are :
- cost of an incident.
- asset value.
- implementation opportunity costs.
- annualized loss expectancy.
Answer : asset value.
When a security standard conflicts with a business objective, the situation should be resolved by:
Options are :
- changing the business objective.
- changing the security standard.
- performing a risk analysis.
Answer : performing a risk analysis.
Minimum standards for securing the technical infrastructure should be defined in a security:
Options are :
- architecture.
- model.
- strategy.
- guidelines.
Answer : architecture.
Which of the following is characteristic of centralized information security management?
Options are :
- Better adherence to policies
- More expensive to administer
- Faster turnaround of requests
- More aligned with business unit needs
Answer : Better adherence to policies
The PRIMARY goal in developing an information security strategy is to:
Options are :
- educate business process owners regarding their duties.
- establish security metrics and performance monitoring.
- ensure that legal and regulatory requirements are met.
- support the business objectives of the organization.
Answer : support the business objectives of the organization.
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
Options are :
- based on the current rate of technological change.
- aligned with the IT strategic plan.
- three-to-five years for both hardware and software.
- aligned with the business strategy.
Answer : aligned with the business strategy.
Information security policy enforcement is the responsibility of the:
Options are :
- chief information security officer (CISO).
- chief compliance officer (CCO).
- security steering committee.
- chief information officer (CIO).
Answer : chief information security officer (CISO).