Senior management commitment and support for information security can BEST be enhanced through

Senior management commitment and support for information security can BEST be enhanced through:
A. a formal security policy sponsored by the chief executive officer (CEO).
B. regular security awareness training for employees.
C. periodic review of alignment with business management goals.
D. senior management signoff on the information security strategy.

Correct Answer: C

Explanation:
Ensuring that security activities continue to be aligned and support business goals is critical to obtaining their support. Although having the chief executive officer (CEO) signoff on the security policy and senior management signoff on the security strategy makes for good visibility and demonstrates good tone at the top, it is a one-time discrete event that may be quickly forgotten by senior management. Security awareness training for employees will not have as much effect on senior management commitment.


Which of the following is the MOST important prerequisite for establishing information security management within an organization?


Options are :

  • Senior management commitment
  • Information security framework
  • Information security policy
  • Information security organizational structure

Answer : Senior management commitment

Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?


Options are :

  • Suggest new IT controls to mitigate operational risk
  • Demonstrate that IT mitigating controls are in place
  • Ensure that all IT risks are identified
  • Evaluate the impact of information security risks

Answer : Evaluate the impact of information security risks

CISM Information Security Program Management Practice Exam Set 2


Options are :

  • Assign an information security administrator as regulatory liaison
  • Assess previous regulatory reports with process owners input
  • Ensure all regulatory inquiries are sanctioned by the legal department
  • Perform self-assessments using regulatory guidelines and reports

Answer : Perform self-assessments using regulatory guidelines and reports

Information security policy enforcement is the responsibility of the:


Options are :

  • chief information security officer (CISO).
  • chief compliance officer (CCO).
  • chief information officer (CIO).
  • security steering committee.

Answer : chief information security officer (CISO).

Who is ultimately responsible for the organization's information?


Options are :

  • Chief information officer (CIO)
  • Board of directors
  • Data custodian
  • Chief information security officer (CISO)

Answer : Board of directors

CISM Information Security Program Management Test


Options are :

  • Distance between physical locations
  • Number of employees
  • Organizational budget
  • Complexity of organizational structure

Answer : Complexity of organizational structure

Which of the following is the MOST important information to include in a strategic plan for information security?


Options are :

  • Information security staffing requirements
  • IT capital investment requirements
  • information security mission statement
  • Current state and desired future state

Answer : Current state and desired future state

An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?


Options are :

  • Security metrics reports
  • Risk assessment reports
  • Return on security investment report
  • Business impact analysis (BIA)

Answer : Risk assessment reports

CISM Information Risk Management Certification


Options are :

  • generally accepted industry best practices.
  • legislative and regulatory requirements.
  • storage availability.
  • business requirements.

Answer : business requirements.

The PRIMARY objective of a security steering group is to:


Options are :

  • raise information security awareness across the organization.
  • implement all decisions on security management across the organization.
  • ensure information security aligns with business goals.
  • ensure information security covers all business functions.

Answer : ensure information security aligns with business goals.

While implementing information security governance, an organization should FIRST:


Options are :

  • establish security policies.
  • adopt security standards.
  • determine security baselines.
  • define the security strategy.

Answer : define the security strategy.

CISM Information Security Governance Practice Test Set 1


Options are :

  • Develop an information security strategy paper
  • Approve access to critical financial systems
  • Conduct disaster recovery test exercises
  • Update platform-level security settings

Answer : Develop an information security strategy paper

Which of the following is the MOST important information to include in an information security standard?


Options are :

  • Last review date
  • Author name
  • Creation date
  • Initial draft approval date

Answer : Last review date

What is the PRIMARY role of the information security manager in the process of information classification within an organization?


Options are :

  • Securing information assets in accordance with their classification
  • Defining and ratifying the classification structure of information assets
  • Checking if information assets have been classified properly
  • Deciding the classification levels applied to the organization's information assets

Answer : Defining and ratifying the classification structure of information assets

CISM Information Risk Management Certification Practice


Options are :

  • three-to-five years for both hardware and software.
  • aligned with the IT strategic plan.
  • aligned with the business strategy.
  • based on the current rate of technological change.

Answer : aligned with the business strategy.

Which of the following would be MOST effective in successfully implementing restrictive password policies?


Options are :

  • Regular password audits
  • Security awareness program
  • Single sign-on system
  • Penalties for noncompliance

Answer : Security awareness program

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:


Options are :

  • baseline
  • policy
  • procedure
  • strategy

Answer : policy

CISM Information Security Governance Practice Test Set 1


Options are :

  • Security metrics
  • User access rights
  • Return on security investment
  • Risk assessment policies

Answer : Security metrics

Which of the following is MOST important in developing a security strategy?


Options are :

  • Having a reporting line to senior management
  • Creating a positive business security environment
  • Allocating sufficient resources to information security
  • Understanding key business objectives

Answer : Understanding key business objectives

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?


Options are :

  • Statement of generally accepted best practices
  • Examples of genuine incidents at similar organizations
  • Associating realistic threats to corporate objectives
  • Analysis of current technological exposures

Answer : Associating realistic threats to corporate objectives

CISM Information Risk Management Certification


Options are :

  • Perform a technical vulnerabilities assessment
  • Assess the current levels of security awareness
  • Analyze the current business strategy
  • Perform a business impact analysis

Answer : Analyze the current business strategy

CISM Incident Management and Response Practice Exam


Options are :

  • The chief information officer (CIO) approves security policy changes.
  • The information security department has difficulty filling vacancies.
  • The data center manager has final signoff on all security projects.
  • The information security oversight committee only meets quarterly.

Answer : The data center manager has final signoff on all security projects.

The MOST appropriate role for senior management in supporting information security is the:


Options are :

  • monitoring adherence to regulatory requirements.
  • approval of policy statements and funding.
  • evaluation of vendors offering security products.
  • assessment of risks to the organization.

Answer : approval of policy statements and funding.

Senior management commitment and support for information security can BEST be enhanced through:


Options are :

  • a formal security policy sponsored by the chief executive officer (CEO).
  • senior management signoff on the information security strategy.
  • regular security awareness training for employees.
  • periodic review of alignment with business management goals.

Answer : periodic review of alignment with business management goals.

CISM Information Security Program Management Practice Exam Set 5


Options are :

  • Legal counsel
  • Information security manager
  • Chief operating officer (COO)
  • Internal auditor

Answer : Chief operating officer (COO)

Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?


Options are :

  • Ability to manage a diverse group of individuals and resources across an organization
  • Knowledge of the regulatory environment and project management techniques
  • Ability to understand and map organizational needs to security technologies
  • Knowledge of information technology platforms, networks and development methodologies

Answer : Ability to understand and map organizational needs to security technologies

Which of the following would BEST ensure the success of information security governance within an organization?


Options are :

  • Security policy training provided to all managers
  • Steering committees approve security projects
  • Security training available to all employees on the intranet
  • Steering committees enforce compliance with laws and regulations

Answer : Steering committees approve security projects

CISM Certified Information Security Manager Test Practice


Options are :

  • Establish good communication with steering committee members
  • Assemble an experienced staff
  • Develop a security architecture
  • Benchmark peer organizations

Answer : Establish good communication with steering committee members

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:


Options are :

  • security needs.
  • organization-wide metrics.
  • organizational risk.
  • the responsibilities of organizational units.

Answer : organizational risk.

When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?


Options are :

  • Develop a compliance risk assessment
  • Develop policies that meet all mandated requirements
  • Incorporate policy statements provided by regulators
  • Create separate policies to address each regulation

Answer : Develop policies that meet all mandated requirements