CISM Exam (A GRADED)

Acceptable interruption window correct answers Max time a system can be unavailable before compromising business objectives. Acceptable use policy correct answers Policy agreement between users and the organization. Defines approved range of use for access to a network or the Internet Access c...

____________________ ______________________ will define the approach to achieving the security program outcomes management wants. It should also be a statement of how security aligns with and supports business objectives. It proved the basis for good security governance. correct answers Security str...

Resource allocation is crucial during incident triage as it assists in prioritization and categorization. Why would this be critical for most organizations when conducting triage? A. Most organizations have limited incident handling resources B. Categorization assists in mitigation C. Priori...

Information security governance is primarily driven by: correct answers Business strategy Who should drive the risk analysis for an organization? correct answers the Security Manager Who should be responsible for enforcing access rights to application data? correct answers Security administrat...

What would be the BEST security measure we could use to prevent data disclosure and data exfiltration? A) User authentication in all applications. B) Use very strong encryption. C) Use very strong key storage. D) Use very complex firewall rules. correct answers C) Use very strong key sto...

Which of the following is the primary step in control implementation for a new business application? correct answers D. Risk assessment When implementing an information security program, in which phase of the implementation should metrics be established to assess the effectiveness of the program ...

01. IT-related risk management activities are MOST effective when they are: a) treated as a distinct process b) conducted by the IT department c) communicated to all employees d) integrated within business processes correct answers Answer: d) integrated within business processes 02. A ri...

Which of the following steps should be FIRST in developing an information security plan? A. Perform a technical vulnerabilities assessment. B. Analyze the current business strategy. C. Perform a business impact analysis. Assessthecurrentlevelsofsecurityawareness. correct answers B. An informat...

B is the correct answer. Justification Procedures will support an information security policy, but this is not likely to have much impact on the culture of the organization. Because culture in an organization is a reflection of senior management whether intentional or accidental, only manag...

Opportunity Cost correct answers ______ Reflects the cost to the organization resulting from teh loss of a function Individual Business Managers correct answers _____ Are in the best position for determining the value of information assets. Gap analysis correct answers Measures current state v...

When contracting with an outsourcer to provide security administration, the MOST important contractual element is the: correct answers service level agreement (SLA). An outsource service provider must handle sensitive customer information. Which of the following is MOST important for an informati...

What certification focuses on information systems audit, control, and security professionals? Certified Information Security Manager (CISM) Certified Information Systems Auditor (CISA) Certified in the Governance of Enterprise IT (CGEIT) Certified in Risk and Information Systems Control (CRISC) ...

CH1: What are the 6 outcomes of Security Governance? correct answers 1. Strategic Alignment 2. Risk Management 3. Value Delivery 4. Resource Optimization 5. Performance Measurement 6 Assurance Process Integration CH1: A security strategy is important for an organization PRIMARILY because it:...

What organization offers a variety of security certifications that are focused on the requirements of auditors? correct answers ISACA Colin is a software developer. He would like to earn a credential that demonstrates to employers that he is well educated on software security issues. What certifi...