
CISM—Certified Information Security Manager - Part 14

Mary Smith

Mon, 17 Mar 2025


1. At what stage of the applications development process should the security department initially become involved?

A) When requested
B) At testing
C) At programming
D) At detail requirements



2. A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?

A) Examples of genuine incidents at similar organizations
B) Statement of generally accepted best practices
C) Associating realistic threats to corporate objectives
D) Analysis of current technological exposures



3. The PRIMARY concern of an information security manager documenting a formal data retention policy would be:

A) generally accepted industry best practices.
B) business requirements.
C) legislative and regulatory requirements.
D) storage availability.



4. When personal information is transmitted across networks, there MUST be adequate controls over:

A) change management.
B) privacy protection.
C) consent to data transfer.
D) encryption devices.



5. An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:

A) ensure that security processes are consistent across the organization.
B) enforce baseline security levels across the organization.
C) ensure that security processes are fully documented.
D) implement monitoring of key performance indicators for security processes.



1. Right Answer: D
Explanation: Information security has to be integrated into the requirements of the application's design. It should also be part of the information security governance of the organization. The application owner may not make a timely request for security involvement. It is too late during systems testing, since the requirements have already been agreed upon. Code reviews are part of the final quality assurance process.

2. Right Answer: C
Explanation: Linking realistic threats to key business objectives will direct executive attention to them. All other options are supportive but not of as great a value as choice C when trying to obtain the funds for a new program.

3. Right Answer: B
Explanation: The primary concern will be to comply with legislation and regulation, but only if this is a genuine business requirement. Best practices may be a useful guide but are not a primary concern. Legislative and regulatory requirements are only relevant if compliance is a business need. Storage is irrelevant, since whatever is needed must be provided.

4. Right Answer: B
Explanation: Privacy protection is necessary to ensure that the receiving party has the appropriate level of protection of personal data. Change management primarily protects only the information, not the privacy of the individuals. Consent is one of the protections that is frequently, but not always, required. Encryption is a method of achieving the actual control, but controls over the devices may not ensure adequate privacy protection and, therefore, is a partial answer.

5. Right Answer: A
Explanation: The organization first needs to move from ad hoc to repeatable processes. The organization then needs to document the processes and implement process monitoring and measurement. Baselining security levels will not necessarily assist in process improvement since baselining focuses primarily on control improvement. The organization needs to standardize processes both before documentation, and before monitoring and measurement.
