An outcome of effective security governance is:
A. business dependency assessment.
B. strategic alignment.
C. risk assessment.
D. planning.
Answer: B
Explanation: Business dependency assessment is a process of determining the dependency of a business on certain information resources. It is not an outcome or a product of effective security...
Investments in information security technologies should be based on:
A. vulnerability assessments.
B. value analysis.
C. business climate.
D. audit recommendations.
Answer: B
Explanation: Investments in security technologies should be based on a value analysis and a sound business case. Demonstrated value takes precedence over the current business climate because...
An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?
A. Ethics
B. Proportionality
C. Integration
D. Accountability
Answer: B
Explanation: Information security controls should be proportionate to the risks of modification, denial of...
A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:
A. meet with stakeholders to decide how to comply.
B. analyze key risks in the compliance process.
C. assess whether existing controls meet...
In implementing information security governance, the information security manager is PRIMARILY responsible for:
A. developing the security strategy.
B. reviewing the security strategy.
C. communicating the security strategy.
D. approving the security strategy.
Answer: A
Explanation: The information security manager is responsible for developing a security strategy based on business...
Logging is an example of which type of defense against systems compromise?
A. Containment
B. Detection
C. Reaction
D. Recovery
Answer: B
Explanation: Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of...
Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?
A. Alignment with industry best practices
B. Business continuity investment
C. Business benefits
D. Regulatory compliance
Answer: D
Explanation: Regulatory compliance can be a standalone driver for an information security...
What will have the HIGHEST impact on standard information security governance models?
A. Number of employees
B. Distance between physical locations
C. Complexity of organizational structure
D. Organizational budget
Answer: C
Explanation: Information security governance models are highly dependent on the overall organizational structure. Some of the elements that impact...
A security manager meeting the requirements for the international flow of personal data will need to ensure:
A. a data processing agreement.
B. a data protection registration.
C. the agreement of the data subjects.
D. subject access procedures.
Answer: C
Explanation: Whenever personal data are transferred across national boundaries, the...
It is MOST important that information security architecture be aligned with which of the following?
A. Industry best practices
B. Information technology plans
C. Information security best practices
D. Business objectives and goals
Answer: D
Explanation: Information security architecture should always be properly aligned with business goals and objectives. Alignment...