CISM Exam B Questions and Answers Solved Correctly 100% To Pass!!
What is Information Security Governance? Note there are 5 desired outcomes:
1. Strategic alignment of information security with business strategy to support organizational objectives
2. Risk management by executing appropriate measures to manage and mitigate risks and reduce potential impacts on information resources to an acceptable level
3. Resource management by utilizing information security knowledge and infrastructure efficiently and effectively
4. Performance measurement by measuring, monitoring and reporting information security governance metrics to ensure that organizational objectives are achieved
5. Value delivery by optimizing
Information
Data endowed with meaning and purpose
Benefits from an effective governance program
1. Strategic Alignment
2. Risk Management
3. Value Delivery
4. Resource Optimization
5. Performance Measurement
Strategic Alignment
Aligning information security with the business strategy by providing guidance, developing security solutions, and aligning investment with the business strategy.
Risk Management
The process by which an organization manages risk to acceptable levels within acceptable tolerances, identifies potential risk and its associated impacts, and prioritizes their mitigation based on the organization's business objectives. Risk management develops and deploys internal controls to manage and mitigate risk throughout the organization.
Value Delivery
Optimizing [security investments in support of business objectives].
1. Create a standard set of security practices (baseline standards)
2. Keep security overheads at minimum levels; institutionalize and commoditize standards-based solutions
3. Understand the end-to-end business organization; foster a continuous improvement culture
Resource Optimization
Using information security knowledge and infrastructure efficiently and effectively to:
1. Capture knowledge
2. Document security processes
3. Develop the security architecture
Performance Measurement
Monitoring and reporting on information security processes to ensure that objectives are achieved, including:
1. A meaningful set of metrics properly aligned with strategic objectives
2. Identifying shortcomings
3. Independent audits
4. Identifying the most useful metrics among the others
Integration
Assurance that factors/functions and processes operate as intended from end to end.
Who is responsible for Information Security Governance?
The Board of Directors and executive management.
What is management's responsibility?
Establish and maintain a framework to guide the development and management of a comprehensive information security program.
Executive management must be supportive of the process and fully understand and agree with the results from the Business Impact Analysis (BIA), since risk management decisions can often have a large financial impact and require major changes. Risk management means different things to different people, depending upon their role in the organization, so the input of executive management is important to the process.
The board of directors does not define information security, but provides direction in support of the business goals and objectives. Executive management holds overall responsibility for protection of the information assets. Routine administration of all aspects of security is delegated, but top management must retain overall accountability. The security officer supports and implements information security for senior management. The end user does not perform categorization. The custodian supports and implements information security measures as directed.
A governance framework consists of:
1. A comprehensive security strategy linked to the business objectives
2. A complete set of standards for each policy
3. A security organization structure
4. Institutionalized metrics and monitoring processes.
[Is the responsibility of senior management and focuses on creating the mechanisms an organization uses to ensure that personnel follow established processes and procedures.]