CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 2
1. Information security governance is PRIMARILY driven by:
A) technology constraints.
B) regulatory requirements.
C) litigation potential.
D) business strategy.
2. Which of the following represents the MAJOR focus of privacy regulations?
A) Unrestricted data mining
B) Identity theft
C) Human rights protection D.
D) Identifiable personal data
3. Investments in information security technologies should be based on:
A) vulnerability assessments.
B) value analysis.
C) business climate.
D) audit recommendations.
4. Retention of business records should PRIMARILY be based on:
A) business strategy and direction.
B) regulatory and legal requirements.
C) storage capacity and longevity.
D) business ease and value analysis.
5. Which of the following is characteristic of centralized information security management?
A) More expensive to administer
B) Better adherence to policies
C) More aligned with business unit needs
D) Faster turnaround of requests
A) technology constraints.
B) regulatory requirements.
C) litigation potential.
D) business strategy.
2. Which of the following represents the MAJOR focus of privacy regulations?
A) Unrestricted data mining
B) Identity theft
C) Human rights protection D.
D) Identifiable personal data
3. Investments in information security technologies should be based on:
A) vulnerability assessments.
B) value analysis.
C) business climate.
D) audit recommendations.
4. Retention of business records should PRIMARILY be based on:
A) business strategy and direction.
B) regulatory and legal requirements.
C) storage capacity and longevity.
D) business ease and value analysis.
5. Which of the following is characteristic of centralized information security management?
A) More expensive to administer
B) Better adherence to policies
C) More aligned with business unit needs
D) Faster turnaround of requests
1. Right Answer: D
Explanation: Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.
2. Right Answer: D
Explanation: Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA).Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulator)' provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.
3. Right Answer: B
Explanation: Investments in security technologies should be based on a value analysis and a sound business case. Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in nature and might not address the key business needs comprehensively. Vulnerability assessments are useful, but they do not determine whether the cost is justified.
4. Right Answer: B
Explanation: Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.
5. Right Answer: B
Explanation: Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics of scale. However, turnaround can be slower due to the lack of alignment with business units.
Explanation: Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.
2. Right Answer: D
Explanation: Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA).Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulator)' provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.
3. Right Answer: B
Explanation: Investments in security technologies should be based on a value analysis and a sound business case. Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in nature and might not address the key business needs comprehensively. Vulnerability assessments are useful, but they do not determine whether the cost is justified.
4. Right Answer: B
Explanation: Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.
5. Right Answer: B
Explanation: Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics of scale. However, turnaround can be slower due to the lack of alignment with business units.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment