CISM—Certified Information Security Manager - Part 12

Mary Smith

Sat, 12 Jul 2025

1. While implementing information security governance, an organization should FIRST:

A) adopt security standards.
B) determine security baselines.
C) define the security strategy.
D) establish security policies.



2. The MOST basic requirement for an information security governance program is to:

A) be aligned with the corporate business strategy.
B) be based on a sound risk management approach.
C) provide adequate regulatory compliance.
D) provide best practices for security initiatives.



3. Information security policy enforcement is the responsibility of the:

A) security steering committee.
B) chief information officer (CIO).
C) chief information security officer (CISO).
D) chief compliance officer (CCO).



4. A good privacy statement should include:

A) notification of liability on accuracy of information.
B) notification that information will be encrypted.
C) what the company will do with information it collects.
D) a description of the information classification process.



5. Which of the following would be MOST effective in successfully implementing restrictive password policies?

A) Regular password audits
B) Single sign-on system
C) Security awareness program
D) Penalties for noncompliance



1. Right Answer: C
Explanation: The first step in implementing information security governance is to define the security strategy, on the basis of which security baselines are determined. Adopting suitable security standards, performing risk assessment and implementing security policy are steps that follow the definition of the security strategy.

2. Right Answer: A
Explanation: To receive senior management support, an information security program should be aligned with the corporate business strategy. Risk management is a requirement of an information security program which should take into consideration the business strategy. Security governance is much broader than just regulatory compliance. Best practice is an operational concern and does not have a direct impact on a governance program.

3. Right Answer: C
Explanation: Information security policy enforcement is the responsibility of the chief information security officer (CISO), first and foremost. The board of directors and executive management should ensure that a security policy is in line with corporate objectives. The chief information officer (CIO) and the chief compliance officer (CCO) are involved in the enforcement of the policy but are not directly responsible for it.

4. Right Answer: C
Explanation: Most privacy laws and regulations require disclosure of how collected information will be used. Choice A is incorrect because that information belongs in the website's disclaimer. Choice B is incorrect because, although encryption may be applied, this is not generally disclosed. Choice D is incorrect because information classification would be contained in a separate policy.

5. Right Answer: C
Explanation: To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in of the end users. The best way to accomplish this is through a security awareness program. Regular password audits and penalties for noncompliance would not be as effective on their own; people would go around them unless forced by the system. Single sign-on is a technology solution that would enforce password complexity but would not promote user compliance. For the effort to be more effective, user buy-in is important.