1. In order to highlight to management the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:
A) prepare a security budget. B) conduct a risk assessment. C) develop an information security policy. D) obtain benchmarking information.
2. Temporarily deactivating some monitoring processes, even if supported by an acceptance of operational risk, may not be acceptable to the information security manager if:
A) it implies compliance risks. B) short-term impact cannot be determined. C) it violates industry security practices. D) changes in the roles matrix cannot be detected.
3. An outcome of effective security governance is:
A) business dependency assessment. B) strategic alignment. C) risk assessment. D) planning.
4. How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
A) Give organization standards preference over local regulations. B) Follow local regulations only. C) Make the organization aware of those standards where local regulations cause conflicts. D) Negotiate a local version of the organization standards.
5. Who should drive the risk analysis for an organization?
A) Senior management. B) Security manager. C) Quality manager. D) Legal department.
1. Right Answer: B Explanation: Risk assessment, evaluation and impact analysis will be the starting point for driving management's attention to information security. All other choices will follow the risk assessment.
2. Right Answer: A Explanation: Monitoring processes are also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law. Choices B and C are evaluated as part of the operational risk. Choice D is unlikely to be as critical a breach of regulatory legislation. The acceptance of operational risks overrides choices B, C and D.
3. Right Answer: B Explanation: Business dependency assessment is a process of determining the dependency of a business on certain information resources. It is not an outcome or a product of effective security management. Strategic alignment is an outcome of effective security governance. Where there is good governance, there is likely to be strategic alignment. Risk assessment is not an outcome of effective security governance; it is a process. Planning comes at the beginning of effective security governance, and is not an outcome but a process.
4. Right Answer: D Explanation: Adherence to local regulations must always be the priority. Not following local regulations can prove detrimental to the group organization. Following local regulations only is incorrect since there needs to be some recognition of organization requirements. Making an organization aware of standards is a sensible step, but is not a total solution. Negotiating a local version of the organization standards is the most effective compromise in this situation.
5. Right Answer: B Explanation: Although senior management should support and sponsor a risk analysis, the know-how and the management of the project will be with the security department. Quality management and the legal department will contribute to the project.