
CISM—Certified Information Security Manager - Part 22

Mary Smith

Mon, 17 Mar 2025

1. Which of the following is the MOST important element of an information security strategy?

A) Defined objectives
B) Time frames for delivery
C) Adoption of a control framework
D) Complete policies



2. A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the information security program?

A) Representation by regional business leaders
B) Composition of the board
C) Cultures of the different countries
D) IT security skills



3. Which of the following is the BEST justification to convince management to invest in an information security program?

A) Cost reduction
B) Compliance with company policies
C) Protection of business assets
D) Increased business value



4. On a company's e-commerce web site, a good legal statement regarding data privacy should include:

A) a statement regarding what the company will do with the information it collects.
B) a disclaimer regarding the accuracy of information on its web site.
C) technical information regarding how information is protected.
D) a statement regarding where the information is being hosted.



5. The MOST important factor in ensuring the success of an information security program is effective:

A) communication of information security requirements to all users in the organization.
B) formulation of policies and procedures for information security.
C) alignment with organizational goals and objectives.
D) monitoring compliance with information security policies and procedures.



1. Right Answer: A
Explanation: Without defined objectives, a strategy (the plan to achieve objectives) cannot be developed. Time frames for delivery are important but not critical for inclusion in the strategy document. Similarly, the adoption of a control framework is not critical to having a successful information security strategy. Policies are developed subsequent to, and as a part of, implementing a strategy.

2. Right Answer: C
Explanation: Culture has a significant impact on how information security will be implemented. Representation by regional business leaders may not have a major influence unless it concerns cultural issues. Composition of the board may not have a significant impact compared to cultural issues. IT security skills are not as key or high impact in designing a multinational information security program as would be cultural issues.

3. Right Answer: D
Explanation: Investing in an information security program should increase business value and confidence. Cost reduction by itself is rarely the motivator for implementing an information security program. Compliance is secondary to business value. Increasing business value may include protection of business assets.

4. Right Answer: A
Explanation: Most privacy laws and regulations require disclosure on how information will be used. A disclaimer is not necessary since it does not refer to data privacy. Technical details regarding how information is protected are not mandatory to publish on the web site and in fact would not be desirable. It is not mandatory to say where information is being hosted.

5. Right Answer: C
Explanation: The success of security programs is dependent upon alignment with organizational goals and objectives. Communication is a secondary step. Effective communication and education of users is a critical determinant of success but alignment with organizational goals and objectives is the most important factor for success. Mere formulation of policies without effective communication to users will not ensure success. Monitoring compliance with information security policies and procedures can be, at best, a detective mechanism that will not lead to success in the midst of uninformed users.