To justify its ongoing security budget, which of the following would be of MOST use to the information security department?
A. Security breach frequency
B. Annualized loss expectancy (ALE)
C. Cost-benefit analysis
D. Peer group comparison
Answer: C
Explanation: Cost-benefit analysis is the legitimate way to justify budget. The frequency...
Reviewing which of the following would BEST ensure that security controls are effective?
A. Risk assessment policies
B. Return on security investment
C. Security metrics
D. User access rights
Answer: C
Explanation: Reviewing security metrics provides senior management a snapshot view and trends of an organization's security posture. Choice A...
Which of the following is MOST important in developing a security strategy?
A. Creating a positive business security environment
B. Understanding key business objectives
C. Having a reporting line to senior management
D. Allocating sufficient resources to information security
Answer: B
Explanation: Alignment with business strategy is of utmost importance....
The MOST useful way to describe the objectives in the information security strategy is through:
A. attributes and characteristics of the "desired state."
B. overall control objectives of the security program.
C. mapping the IT systems to key business processes.
D. calculation of annual loss expectations.
Answer: A
Explanation: Security...
While implementing information security governance an organization should FIRST:
A. adopt security standards.
B. determine security baselines.
C. define the security strategy.
D. establish security policies.
Answer: C
Explanation: The first step in implementing information security governance is to define the security strategy based on which security baselines are determined....
What would be the MOST significant security risk when using wireless local area network (LAN) technology?
A. Man-in-the-middle attack
B. Spoofing of data packets
C. Rogue access point
D. Session hijacking
Answer: C
Explanation: A rogue access point masquerades as a legitimate access point. The risk is that legitimate users...
When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
A. Create separate policies to address each regulation
B. Develop policies that meet all mandated requirements
C. Incorporate policy statements provided by regulators
D. Develop a compliance...
The PRIMARY concern of an information security manager documenting a formal data retention policy would be:
A. generally accepted industry best practices.
B. business requirements.
C. legislative and regulatory requirements.
D. storage availability.
Answer: B
Explanation: The primary concern will be to comply with legislation and regulation but only if...
From an information security manager's perspective, what is the immediate benefit of clearly defined roles and responsibilities?
A. Enhanced policy compliance
B. Improved procedure flows
C. Segregation of duties
D. Better accountability
Answer: D
Explanation: Without well-defined roles and responsibilities, there cannot be accountability. Choice A is incorrect because policy compliance...
To justify the need to invest in a forensic analysis tool, an information security manager should FIRST:
A. review the functionalities and implementation requirements of the solution.
B. review comparison reports of tool implementation in peer companies.
C. provide examples of situations where such a tool would be useful.
D. ...