1. Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?
A) Key control monitoring
B) A robust security awareness program
C) A security program that enables business activities
D) An effective security architecture
2. Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?
A) Continuous analysis, monitoring and feedback
B) Continuous monitoring of the return on security investment (ROSI)
C) Continuous risk reduction
D) Key risk indicator (KRI) setup to security management processes
3. The MOST complete business case for security solutions is one that:
A) includes appropriate justification.
B) explains the current risk profile.
C) details regulatory requirements.
D) identifies incidents and losses.
4. Which of the following is MOST important to understand when developing a meaningful information security strategy?
A) Regulatory environment
B) International security standards
C) Organizational risks
D) Organizational goals
5. Which of the following is an advantage of a centralized information security organizational structure?
A) It is easier to promote security awareness.
B) It is easier to manage and control.
C) It is more responsive to business unit needs.
D) It provides a faster turnaround for security requests.
1. Right Answer: C Explanation: A security program enabling business activities would be most helpful to achieve alignment between information security and organization objectives. All of the other choices are part of the security program and would not individually and directly help as much as the security program.
2. Right Answer: A Explanation: To improve the governance framework and achieve a higher level of maturity, an organization needs to conduct continuous analysis, monitoring and feedback compared to the current state of maturity. Return on security investment (ROSI) may show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives. Thus, it may not be an adequate option. Continuous risk reduction would demonstrate the effectiveness of the security governance framework, but does not indicate a higher level of maturity. Key risk indicator (KRI) setup is a tool to be used in internal control assessment. KRI setup presents a threshold to alert management when controls are being compromised in business processes. This is a control tool rather than a maturity model support tool.
3. Right Answer: A Explanation: Management is primarily interested in security solutions that can address risks in the most cost-effective way. To address the needs of an organization, a business case should address appropriate security solutions in line with the organizational strategy.
4. Right Answer: D Explanation: Alignment of security with business objectives requires an understanding of what an organization is trying to accomplish. The other choices are all elements that must be considered, but their importance is secondary and will vary depending on organizational goals.
5. Right Answer: B Explanation: It is easier to manage and control a centralized structure. Promoting security awareness is an advantage of decentralization. Decentralization allows you to use field security personnel as security missionaries or ambassadors to spread the security awareness message. Decentralized operations allow security administrators to be more responsive. Being close to the business allows decentralized security administrators to achieve a faster turnaround than that achieved in a centralized operation.