Isaca CISM - Certified Information Security Manager Exam

Page:    1 / 243   
Total 1212 questions

An information security risk analysis BEST assists an organization in ensuring that:

  • A. the infrastructure has the appropriate level of access control.
  • B. cost-effective decisions are made with regard to which assets need protection.
  • C. an appropriate level of funding is applied to security processes.
  • D. the organization implements appropriate security technologies.


Answer : B

In a multinational organization, local security regulations should be implemented over global security policy because:

  • A. business objectives are defined by local business unit managers.
  • B. deploying awareness of local regulations is more practical than of global policy.
  • C. global security policies include unnecessary controls for local businesses.
  • D. requirements of local regulations take precedence.


Answer : D

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

  • A. conduct a cost-benefit analysis.
  • B. conduct a risk assessment.
  • C. interview senior management.
  • D. perform a gap analysis.


Answer : D

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

  • A. Access control management
  • B. Change management
  • C. Configuration management
  • D. Risk management


Answer : D

Which of the following is the BEST way to build a risk-aware culture?

  • A. Periodically change risk awareness messages.
  • B. Ensure that threats are communicated organization-wide in a timely manner.
  • C. Periodically test compliance with security controls and post results.
  • D. Establish incentives and a channel for staff to report risks.


Answer : C
