CISM—Certified Information Security Manager - Part 234

1. In a large organization requesting outsourced services, which of the following contract clauses is MOST important to the information security manager?

A) Compliance with security requirements
B) Frequency of status reporting
C) Nondisclosure clause
D) Intellectual property



2. Which of the following service offerings in a typical Infrastructure as a Service (IaaS) model will BEST enable a cloud service provider to assist customers when recovering from a security incident?

A) Availability of current infrastructure documentation
B) Capability to take a snapshot of virtual machines
C) Availability of web application firewall logs
D) Capability of online virtual machine analysis



3. Which of the following is the BESTapproach for an information security manager when developing new information security policies?

A) Create a stakeholder map.
B) Reference an industry standard.
C) Establish an information security governance committee.
D) Download a policy template.



4. The FIRST step in establishing an information security program is to:

A) define policies and standards that mitigate the organization's risks
B) secure organizational commitment and support.
C) assess the organization's compliance with regulatory requirements.
D) determine the level of risk that is acceptable to senior management.



5. Due to budget constraints, an internal IT application does not include the necessary controls to meet a client service level agreement (SLA).Which of the following is the information security manager's BEST course of action?

A) Inform the legal department of the deficiency.
B) Analyze and report the issue to senior management.
C) Require the application owner to implement the controls.
D) Assess and present the risks to the application owner.