1. Which of the following is the responsibility of the information security steering committee?
A) Developing security policies aligned with the corporate and IT strategies
B) Reviewing business cases where benefits have not been realized
C) Identifying risks associated with new security initiatives
D) Developing and presenting business cases for security initiatives
2. After an information security business case has been approved by senior management, it should be:
A) used to design functional requirements for the solution.
B) used as the foundation for a risk assessment.
C) referenced to build architectural blueprints for the solution.
D) reviewed at key intervals to ensure intended outcomes.
3. Which is the MOST important to enable a timely response to a security breach?
A) Knowledge sharing and collaboration
B) Security event logging
C) Roles and responsibilities
D) Forensic analysis
4. When preparing a business case for the implementation of a security information and event management (SIEM) system, which of the following should be a PRIMARY driver in the feasibility study?
A) Cost of software
B) Cost-benefit analysis
C) Implementation timeframe
D) Industry benchmarks
5. Which of the following BEST demonstrates that an organization supports information security governance?
A) Employees attend annual organization-wide security training.
B) Information security policies are readily available to employees.
C) The incident response plan is documented and tested regularly.
D) Information security steering committee meetings are held regularly.