The MOST basic requirement for an information security governance program is to:

A. be aligned with the corporate business strategy.
B. be based on a sound risk management approach.
C. provide adequate regulatory compliance.
D. provide best practices for security initiatives.

Answer: A
Explanation: To receive senior management support, an...

June 23, 2020

The chief information security officer (CISO) should ideally have a direct reporting relationship to the:

A. head of internal audit.
B. chief operations officer (COO).
C. chief technology officer (CTO).
D. legal counsel.

Answer: B
Explanation: The chief information security officer (CISO) should ideally report to as high a level...

June 23, 2020

In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:

A. prepare a security budget.
B. conduct a risk assessment.
C. develop an information security policy.
D. obtain benchmarking information.

Answer: B
Explanation: Risk assessment, evaluation...

June 22, 2020

When designing an information security quarterly report to management, the MOST important element to be considered should be the:

A. information security metrics.
B. knowledge required to analyze each issue.
C. linkage to business area objectives.
D. baseline against which metrics are evaluated.

Answer: C
Explanation: The link to business...

June 22, 2020

Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?

A. The information security department has difficulty filling vacancies.
B. The chief information officer (CIO) approves security policy changes.
C. The information security oversight committee only meets quarterly.
D. The data center...

June 22, 2020

The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:

A. storage capacity and shelf life.
B. regulatory and legal requirements.
C. business strategy and direction.
D. application systems and media.

Answer: D
Explanation: Long-term retention of...

June 22, 2020

The PRIMARY goal in developing an information security strategy is to:

A. establish security metrics and performance monitoring.
B. educate business process owners regarding their duties.
C. ensure that legal and regulatory requirements are met.
D. support the business objectives of the organization.

Answer: D
Explanation: The business objectives of...

June 22, 2020

When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:

A. aligned with the IT strategic plan.
B. based on the current rate of technological change.
C. three-to-five years for both hardware and software.
D. aligned with the business strategy.

June 21, 2020

Senior management commitment and support for information security can BEST be enhanced through:

A. a formal security policy sponsored by the chief executive officer (CEO).
B. regular security awareness training for employees.
C. periodic review of alignment with business management goals.
D. senior management signoff on the information security strategy.

June 21, 2020

Information security policy enforcement is the responsibility of the:

A. security steering committee.
B. chief information officer (CIO).
C. chief information security officer (CISO).
D. chief compliance officer (CCO).

Answer: C
Explanation: Information security policy enforcement is the responsibility of the chief information security officer (CISO), first and foremost. The...

June 21, 2020