CISM Test Questions And Answers (Latest 2022-2023) Graded A
Which of the following tools is MOST appropriate for determining how long a security project will take to implement? - Critical path
When speaking to an organization's human resources department about information security, an information security manager should focus on the need for: - security awareness training for employees.
Good information security standards should: - define precise and unambiguous allowable limits.
Which of the following should be the FIRST step in developing an information security plan? - Analyze the current business strategy
Senior management commitment and support for information security can BEST be obtained through presentations that: - tie security risks to key business objectives
The MOST appropriate role for senior management in supporting information security is the: - approval of policy statements and funding
Which of the following would BEST ensure the success of information security governance within an organization? - Steering committees approve security projects
Information security governance is PRIMARILY driven by: - business strategy
Which of the following represents the MAJOR focus of privacy regulations? - Identifiable personal data
Investments in information security technologies should be based on: - value analysis
Retention of business records should PRIMARILY be based on: - regulatory and legal requirements
Which of the following is characteristic of centralized information security management? - Better adherence to policies
Successful implementation of information security governance will FIRST require: - updated security policies
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group? - Chief operating officer (COO)
The MOST important component of a privacy policy is: - notifications
The cost of implementing a security control should not exceed the: - asset value
When a security standard conflicts with a business objective, the situation should be resolved by: - performing a risk analysis
Minimum standards for securing the technical infrastructure should be defined in a security: - architecture
Which of the following is MOST appropriate for inclusion in an information security strategy? - Security processes, methods, tools and techniques
Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing: - organizational risk
Which of the following roles would represent a conflict of interest for an information security manager?