Which of the following is MOST important to the successful development of an information security strategy?
A. An implemented development life cycle process
B. A well-implemented governance framework
C. Current state and desired objectives
D. Approved policies and standards
Answer: C
The PRIMARY reason an organization would require that users sign an acknowledgment of their system access responsibilities is to:
A. assign accountability for transactions made with the user's IC . maintain compliance with industry best practices.
D. serve as evidence of security awareness training.
E. maintain an accurate record of...
Which of the following provides the MOST relevant evidence of incident response maturity?
A. Red team testing results
B. Average incident closure time
C. Independent audit assessment
D. Tabletop exercise results
Answer: A
Which of the following is the MOST effective data loss control when connecting a personally owned mobile device to the corporate email system?
A. Users must agree to allow the mobile device to be wiped if it is lost
B. Email must be stored in an encrypted format on the...
Which of the following is the MOST important requirement for the successful implementation of security governance?
A. Mapping to organizational
B. Implementing a security balanced scorecard
C. Performing an enterprise-wide risk assessment
D. Aligning to an international security framework
Answer: A
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
A. has a clearly defined charter and meeting protocols.
B. includes a mix of members from all levels of management.
C. conducts frequent reviews of the security policy.
D. ...
Which of the following would be of MOST concern to senior management?
A multinational organization wants to ensure its privacy program appropriately addresses privacy risk throughout its operations. Which of the following would be of MOST concern to senior management?
A. The organization uses a decentralized privacy governance structure
B. Privacy policies are only reviewed annually
C. The organization does not have...
Which of the following processes is the FIRST step in establishing an information security policy?
A. Review of current global standards
B. Business risk assessment
C. Security controls evaluation
D. Information security audit
Answer: B
What should be the information security manager’s FIRST course of action when it is discovered a staff member has been posting corporate information on social media sites?
A. Assess the classification of the data posted.
B. Implement controls to block the social media sites.
C. Refer the staff member to the...
Which of the following is the BEST way for an information security manager to promote the integration of information security considerations into key business processes?
A. Provide information security awareness training.
B. Conduct a business impact analysis (BIA).
C. Facilitate the creation of an information security steering group.
D. Conduct...