
CISM—Certified Information Security Manager - Part 10

Mary Smith

Wed, 18 Jun 2025

1. Which of the following is the MOST important information to include in a strategic plan for information security?

A) Information security staffing requirements
B) Current state and desired future state
C) IT capital investment requirements
D) Information security mission statement



2. Information security projects should be prioritized on the basis of:

A) time required for implementation.
B) impact on the organization.
C) total cost for implementation.
D) mix of resources required.



3. Which of the following is the MOST important information to include in an information security standard?

A) Creation date
B) Author name
C) Initial draft approval date
D) Last review date



4. Which of the following would BEST prepare an information security manager for regulatory reviews?

A) Assign an information security administrator as regulatory liaison
B) Perform self-assessments using regulatory guidelines and reports
C) Assess previous regulatory reports with process owners input
D) Ensure all regulatory inquiries are sanctioned by the legal department



5. An information security manager at a global organization that is subject to regulation by multiple governmental jurisdictions with differing requirements should:

A) bring all locations into conformity with the aggregate requirements of all governmental jurisdictions.
B) establish baseline standards for all locations and add supplemental standards as required.
C) bring all locations into conformity with a generally accepted set of industry best practices.
D) establish a baseline standard incorporating those requirements that all jurisdictions have in common.



1. Right Answer: B
Explanation: It is most important to paint a vision for the future and then draw a road map from the starting point to the desired future state. Staffing, capital investment and the mission all stem from this foundation.

2. Right Answer: B
Explanation: Information security projects should be assessed on the basis of the positive impact that they will have on the organization. Time, cost and resource issues should be subordinate to this objective.

3. Right Answer: D
Explanation: The last review date confirms the currency of the standard, affirming that management has reviewed the standard to assure that nothing in the environment has changed that would necessitate an update to the standard. The name of the author as well as the creation and draft dates are not that important.

4. Right Answer: B
Explanation: Self-assessments provide the best feedback on readiness and permit identification of items requiring remediation. Directing regulators to a specific person or department, or assessing previous reports, is not as effective. The legal department should review all formal inquiries but this does not help prepare for a regulatory review.

5. Right Answer: B
Explanation: It is more efficient to establish a baseline standard and then develop additional standards for locations that must meet specific requirements. Seeking a lowest common denominator or just using industry best practices may cause certain locations to fail regulatory compliance. The opposite approach, forcing all locations to be in compliance with the regulations of every jurisdiction, places an undue burden on those locations.
