CISM Test Question Bank Solved 100%
Which of the following tools is MOST appropriate for determining how long a security project will take to implement? - Answer Critical path
When speaking to an organization's human resources department about information security, an information security manager should focus on the need for: - Answer security awareness training for employees.
Good information security standards should: - Answer define precise and unambiguous allowable limits.
Which of the following should be the FIRST step in developing an information security plan? - Answer Analyze the current business strategy
Senior management commitment and support for information security can BEST be obtained through presentations that: - Answer tie security risks to key business objectives
The MOST appropriate role for senior management in supporting information security is the: - Answer approval of policy statements and funding
Which of the following would BEST ensure the success of information security governance within an organization? - Answer Steering committees approve security projects
Information security governance is PRIMARILY driven by: - Answer business strategy
Which of the following represents the MAJOR focus of privacy regulations? - Answer Identifiable personal data
Investments in information security technologies should be based on: - Answer value analysis
Retention of business records should PRIMARILY be based on - Answer regulatory and legal requirements
Which of the following is characteristic of centralized information security management? - Answer Better adherence to policies
Successful implementation of information security governance will FIRST require: - Answer updated security policies
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group? - Answer Chief operating officer (COO)
The MOST important component of a privacy policy is: - Answer notifications
The cost of implementing a security control should not exceed the: - Answer asset value
When a security standard conflicts with a business objective, the situation should be resolved by: - Answer performing a risk analysis
Minimum standards for securing the technical infrastructure should be defined in a security: - Answer architecture
Which of the following is MOST appropriate for inclusion in an information security strategy? - Answer Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing: - Answer organizational risk
Which of the following roles would represent a conflict of interest for an information security manager? - Answer Final approval of information security policies
Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization? - Answer The data center manager has final signoff on all security projects
Which of the following requirements would have the lowest level of priority in information security? - Answer Technical
When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST? - Answer Establish good communication with steering committee members
It is MOST important that information security architecture be aligned with which of the following? - Answer Business goals and objectives
Which of the following is MOST likely to be discretionary? - Answer Guidelines
Security technologies should be selected PRIMARILY on the basis of their: - Answer ability to mitigate business risks
Which of the following are seldom changed in response to technological changes? - Answer Policies
The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in: - Answer application systems and media
Which of the following is characteristic of decentralized information security management across a geographically dispersed organization? - Answer Better alignment to business unit needs
Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise? - Answer Chief operating officer (COO)
Which of the following would be the MOST important goal of an information security governance program? - Answer Ensuring trust in data
Relationships among security technologies are BEST defined through which of the following? - Answer Security architecture
A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take? - Answer Perform a risk analysis to quantify the risk
Acceptable levels of information security risk should be determined by: - Answer the steering committee
The PRIMARY goal in developing an information security strategy is to: - Answer support the business objectives of the organization
Senior management commitment and support for information security can BEST be enhanced through: - Answer periodic review of alignment with business management goals
When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies? - Answer Develop policies that meet all mandated requirements
Which of the following MOST commonly falls within the scope of an information security governance steering committee? - Answer Prioritizing information security initiatives
Which of the following is the MOST important factor when designing information security architecture? - Answer Stakeholder requirements
Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)? - Answer Ability to understand and map organizational needs to security technologies
Which of the following are likely to be updated MOST frequently? - Answer Procedures for hardening database servers