CISM - Information Security Governance, Strategy, Objectives & Metrics 2022/2023 100% (Verified)
B is the correct answer.
Justification
The task of
... [Show More] identifying business risk that affects the organization is assigned and acted on after establishing the need for creating the program.
In developing an information security management program, the first step is to establish the need for creating the program. This is a business decision based more on judgment than on any specific quantitative measures. The other choices are assigned and acted on after establishing the need.
The task of assigning responsibility for the program is assigned and acted on after establishing the need for creating the program.
The task of assessing the adequacy of existing controls is assigned and acted on after establishing the need for creating the program. - The FIRST step in developing an information security management program is to:
identify business risk that affects the organization.
establish the need for creating the program.
assign responsibility for the program.
assess adequacy of existing controls.
B is the correct answer.
Justification
Centralized information security management is generally less expensive to administer due to the economies of scale.
Centralization of information security management results in greater uniformity and better adherence to security policies.
With centralized information security management, information security is typically less responsive to specific business unit needs.
With centralized information security management, turnaround can be slower due to greater separation and more bureaucracy between the information security department and end users. - Which of the following is characteristic of centralized information security management?
More expensive to administer
Better adherence to policies
More aligned with business unit needs
Faster turnaround of requests
C is the correct answer.
Justification
Uniformity in quality of service tends to vary from unit to unit.
Adherence to policies is likely to vary considerably between various business units.
Decentralization of information security management generally results in better alignment to business unit needs because security management is closer to the end user.
Decentralization of information security management is generally more expensive to administer due to the lack of economies of scale. - Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
More uniformity in quality of service
Better adherence to policies
Better alignment to business unit needs
More savings in total operating costs [Show Less]