CISM—Certified Information Security Manager - Part 107

Mary Smith

Wed, 15 Apr 2026

1. Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?

A) Compliance risk assessment
B) Critical audit findings
C) Industry comparison analysis
D) Number of reported security incidents



2. Which of the following should be of MOST concern to an information security manager reviewing an organization's data classification program?

A) The program allows exceptions to be granted.
B) Labeling is not consistent throughout the organization.
C) Data retention requirements are not defined.
D) The classifications do not follow industry best practices.



3. Which of the following would BEST demonstrate the added value of an information security program?

A) Security baselines
B) A SWOT analysis
C) A gap analysis
D) A balanced scorecard



4. An information security manager is asked to provide evidence that the organization is fulfilling its legal obligation to protect personally identifiable information (PII). Which of the following would be MOST helpful for this purpose?

A) Metrics related to program effectiveness
B) Written policies and standards
C) Privacy awareness training
D) Risk assessments of privacy-related applications



5. Which of the following should be PRIMARILY included in a security training program for business process owners?

A) Impact of security risks
B) Application vulnerabilities
C) Application recovery time
D) List of security incidents reported



1. Right Answer: A
Explanation:

2. Right Answer: B
Explanation:

3. Right Answer: B
Explanation:

4. Right Answer: A
Explanation:

5. Right Answer: A
Explanation:
