21. When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?

22. It is MOST important that information security architecture be aligned with which of the following?

23. Which of the following is MOST likely to be discretionary?

24. Security technologies should be selected PRIMARILY on the basis of their:
A. ability to mitigate business risks.
B. evaluations in trade publications.
C. use of new and emerging technologies.
D. benefits in comparison to their costs.

25. Which of the following are seldom changed in response to technological changes?

26. The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:

27. Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?

The MOST important component of a privacy policy is: Options are :
Answer : notifications.

Which of the following requirements would have the lowest level of priority in information security? Options are :
Answer : Technical

Minimum standards for securing the technical infrastructure should be defined in a security: Options are :
Answer : architecture.

Information security governance is PRIMARILY driven by: Options are :
Answer : business strategy.

Retention of business records should PRIMARILY be based on: Options are :
Answer : regulatory and legal requirements.

The cost of implementing a security control should not exceed the: Options are :
Answer : asset value

The PRIMARY goal in developing an information security strategy is to: Options are :
Answer : support the business objectives of the organization.

Which of the following represents the MAJOR focus of privacy regulations? Options are :
Answer : Identifiable personal data

Security technologies should be selected PRIMARILY on the basis of their: Options are :
Answer : ability to mitigate business risks

Which of the following should be the FIRST step in developing an information security plan? Options are :
Answer : Analyze the current business strategy

When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST? Options are :
Answer : Establish good communication with steering committee members

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing: Options are :
Answer : organizational risk

Which of the following is MOST appropriate for inclusion in an information security strategy? Options are :
Answer : Security processes, methods, tools and techniques

Senior management commitment and support for information security can BEST be enhanced through: Options are :
Answer : periodic review of alignment with business management goals

Which of the following would be the MOST important goal of an information security governance program? Options are :
Answer : Ensuring trust in data

Senior management commitment and support for information security can BEST be obtained through presentations that: Options are :
Answer : tie security risks to key business objectives.

Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group? Options are :
Answer : Chief operating officer (COO)

Relationships among security technologies are BEST defined through which of the following? Options are :
Answer : Security architecture

A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take? Options are :
Answer : Perform a risk analysis to quantify the risk

When a security standard conflicts with a business objective, the situation should be resolved by: Options are :
Answer : performing a risk analysis

Which of the following is MOST likely to be discretionary? Options are :
Answer : Guidelines

Investments in information security technologies should be based on: Options are :
Answer : value analysis

Which of the following are seldom changed in response to technological changes? Options are :
Answer : Policies

Acceptable levels of information security risk should be determined by: Options are :
Answer : the steering committee.

It is MOST important that information security architecture be aligned with which of the following? Options are :
Answer : Business objectives and goals

Which of the following is characteristic of decentralized information security management across a geographically dispersed organization? Options are :
Answer : Better alignment to business unit needs

Which of the following would BEST ensure the success of information security governance within an organization? Options are :
Answer : Steering committees approve security projects

The MOST appropriate role for senior management in supporting information security is the: Options are :
Answer : approval of policy statements and funding.

Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise? Options are :
Answer : Chief operating officer (COO)

Which of the following roles would represent a conflict of interest for an information security manager? Options are :
Answer : Final approval of information security policies

Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization? Options are :
Answer : The data center manager has final signoff on all security projects.

Successful implementation of information security governance will FIRST require: Options are :
Answer : updated security policies

The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in: Options are :
Answer : application systems and media.

When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies? Options are :
Answer : Develop policies that meet all mandated requirements

Which of the following is characteristic of centralized information security management? Options are :
Answer : Better adherence to policies