CISM—Certified Information Security Manager - Part 16

Mary Smith

Mon, 17 Mar 2025

1. Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

A) Alignment with industry best practices
B) Business continuity investment
C) Business benefits
D) Regulatory compliance



2. A security manager meeting the requirements for the international flow of personal data will need to ensure:

A) a data processing agreement.
B) a data protection registration.
C) the agreement of the data subjects.
D) subject access procedures.



3. An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?

A) Ethics
B) Proportionality
C) Integration
D) Accountability



4. Which of the following is the MOST important prerequisite for establishing information security management within an organization?

A) Senior management commitment
B) Information security framework
C) Information security organizational structure
D) Information security policy



5. What will have the HIGHEST impact on standard information security governance models?

A) Number of employees
B) Distance between physical locations
C) Complexity of organizational structure
D) Organizational budget



1. Right Answer: D
Explanation: Regulatory compliance can be a standalone driver for an information security governance measure. Neither further analysis nor justification is required, since the entity has no choice in the regulatory requirements. Buy-in from business managers must be obtained by the information security manager when an information security governance measure is sought based on its alignment with industry best practices. Business continuity investment needs to be justified by a business impact analysis. When an information security governance measure is sought based on qualitative business benefits, further analysis is required to determine whether the benefits outweigh the cost of the information security governance measure in question.

2. Right Answer: C
Explanation: Whenever personal data are transferred across national boundaries, the awareness and agreement of the data subjects are required. Choices A, B and D are supplementary data protection requirements that are not key for international data transfer.

3. Right Answer: B
Explanation: Information security controls should be proportionate to the risks of modification, denial of use or disclosure of the information. It is advisable to check whether the job description grants access to more data than is necessary for that position to execute its business rules (types of data access). The principles of ethics and integration have the least to do with mapping a job description to types of data access. The principle of accountability would be the second most closely followed principle, since people with access to data may not always be accountable but may be required to perform an operation.

4. Right Answer: A
Explanation: Senior management commitment is necessary in order for each of the other elements to succeed. Without senior management commitment, the other elements will likely be ignored within the organization.

5. Right Answer: C
Explanation: Information security governance models are highly dependent on the overall organizational structure. Some of the elements that impact organizational structure are multiple missions and functions across the organization, leadership and lines of communication. Number of employees and distance between physical locations have less impact on information security governance models, since well-defined process, technology and people components work together to provide the proper governance. Organizational budget has little impact once good governance models are in place; rather, good governance will help in effective management of the organization's budget.