Senior management commitment and support for information security can BEST be enhanced through:
Correct Answer: C
Explanation: Ensuring that security activities continue to be aligned with and support business goals is critical to obtaining senior management's support. Although having the chief executive officer (CEO) sign off on the security policy and senior management sign off on the security strategy provides good visibility and demonstrates good tone at the top, it is a one-time, discrete event that may be quickly forgotten by senior management. Security awareness training for employees will not have as much effect on senior management commitment.

Which of the following is the MOST important prerequisite for establishing information security management within an organization?
Answer: Senior management commitment

Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?
Answer: Evaluate the impact of information security risks

Answer: Perform self-assessments using regulatory guidelines and reports

Information security policy enforcement is the responsibility of the:
Answer: chief information security officer (CISO).

Who is ultimately responsible for the organization's information?
Answer: Board of directors
Answer: Complexity of organizational structure

Which of the following is the MOST important information to include in a strategic plan for information security?
Answer: Current state and desired future state

An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?
Answer: Risk assessment reports

Answer: business requirements

The PRIMARY objective of a security steering group is to:
Answer: ensure information security aligns with business goals.

While implementing information security governance, an organization should FIRST:
Answer: define the security strategy.
Answer: Develop an information security strategy paper

Which of the following is the MOST important information to include in an information security standard?
Answer: Last review date

What is the PRIMARY role of the information security manager in the process of information classification within an organization?
Answer: Defining and ratifying the classification structure of information assets

Answer: aligned with the business strategy.

Which of the following would be MOST effective in successfully implementing restrictive password policies?
Answer: Security awareness program

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:
Answer: policy
Answer: Security metrics

Which of the following is MOST important in developing a security strategy?
Answer: Understanding key business objectives

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?
Answer: Associating realistic threats to corporate objectives

Answer: Analyze the current business strategy

Answer: The data center manager has final sign-off on all security projects.

The MOST appropriate role for senior management in supporting information security is the:
Answer: approval of policy statements and funding.

Senior management commitment and support for information security can BEST be enhanced through:
Answer: periodic review of alignment with business management goals
Answer: Chief operating officer (COO)

Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?
Answer: Ability to understand and map organizational needs to security technologies

Which of the following would BEST ensure the success of information security governance within an organization?
Answer: Steering committees approve security projects

Answer: Establish good communication with steering committee members

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:
Answer: organizational risk

When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?
Answer: Develop policies that meet all mandated requirements