Question 61: Which of the following BEST indicates an effective vulnerability management program?

Question 62: Which of the following would help management determine the resources needed to mitigate a risk to the organization?

Question 63: Which of the following would BEST ensure the success of information security governance within an organization?

Question 64: Of the following, the BEST method for ensuring that temporary employees do not receive excessive access rights is:

Question 65: There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. Which of the following should be carried out FIRST to mitigate the risk during this time period?

Question: Which of the following BEST demonstrates that an organization supports information security governance?
A. Employees attend annual organization-wide security training.
B. Information security steering committee meetings are held regularly.
C. Information security policies are readily available to employees.
D. The incident response plan is documented and tested regularly.

Question: Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
A. The information security department has difficulty filling vacancies.
B. The chief information officer (CIO) approves security policy changes.
C. The information security oversight committee only meets quarterly.
D. The data center manager has final signoff on all security projects.

Question: The MOST important component of a privacy policy is:
Answer: notifications.

Question: Which of the following requirements would have the lowest level of priority in information security?
Answer: Technical

Question: Minimum standards for securing the technical infrastructure should be defined in a security:
Answer: architecture.

Question: Information security governance is PRIMARILY driven by:
Answer: business strategy.

Question: Retention of business records should PRIMARILY be based on:
Answer: regulatory and legal requirements.

Question: The cost of implementing a security control should not exceed the:
Answer: asset value

Question: The PRIMARY goal in developing an information security strategy is to:
Answer: support the business objectives of the organization.

Question: Which of the following represents the MAJOR focus of privacy regulations?
Answer: Identifiable personal data

Question: Security technologies should be selected PRIMARILY on the basis of their:
Answer: ability to mitigate business risks

Question: Which of the following should be the FIRST step in developing an information security plan?
Answer: Analyze the current business strategy

Question: When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?
Answer: Establish good communication with steering committee members

Question: Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
Answer: organizational risk

Question: Which of the following is MOST appropriate for inclusion in an information security strategy?
Answer: Security processes, methods, tools and techniques

Question: Senior management commitment and support for information security can BEST be enhanced through:
Answer: periodic review of alignment with business management goals

Question: Which of the following would be the MOST important goal of an information security governance program?
Answer: Ensuring trust in data

Question: Senior management commitment and support for information security can BEST be obtained through presentations that:
Answer: tie security risks to key business objectives.

Question: Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
Answer: Chief operating officer (COO)

Question: Relationships among security technologies are BEST defined through which of the following?
Answer: Security architecture

Question: A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?
Answer: Perform a risk analysis to quantify the risk

Question: When a security standard conflicts with a business objective, the situation should be resolved by:
Answer: performing a risk analysis

Question: Which of the following is MOST likely to be discretionary?
Answer: Guidelines

Question: Investments in information security technologies should be based on:
Answer: value analysis

Question: Which of the following are seldom changed in response to technological changes?
Answer: Policies

Question: Acceptable levels of information security risk should be determined by:
Answer: the steering committee.

Question: It is MOST important that information security architecture be aligned with which of the following?
Answer: Business objectives and goals

Question: Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
Answer: Better alignment to business unit needs

Question: Which of the following would BEST ensure the success of information security governance within an organization?
Answer: Steering committees approve security projects

Question: The MOST appropriate role for senior management in supporting information security is the:
Answer: approval of policy statements and funding.

Question: Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
Answer: Chief operating officer (COO)

Question: Which of the following roles would represent a conflict of interest for an information security manager?
Answer: Final approval of information security policies

Question: Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?
Answer: The data center manager has final signoff on all security projects.

Question: Successful implementation of information security governance will FIRST require:
Answer: updated security policies

Question: The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
Answer: application systems and media.

Question: When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
Answer: Develop policies that meet all mandated requirements

Question: Which of the following is characteristic of centralized information security management?
Answer: Better adherence to policies

Question: Which of the following would be the MOST important goal of an information security governance program?
Explanation: The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance.

Question: Reviewing which of the following would BEST ensure that security controls are effective?
Explanation: Reviewing security metrics provides senior management a snapshot view and trends of an organization's security posture.
Question: Information security governance is PRIMARILY driven by:
Answer: business strategy.
Question: Which of the following should be included in the information security strategy?
The following list offers some important considerations when developing an information security policy:
- Purpose
- Audience
- Information security objectives
- Authority and access control policy
- Data classification
- Data support and operations
- Security awareness and behavior
- Encryption policy