1. A risk analysis for a new system is being performed. For which of the following is business knowledge MORE important than IT knowledge?
A) Vulnerability analysis
B) Balanced scorecard
C) Cost-benefit analysis
D) Impact analysis
2. When supporting a large corporation's board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?
A) Gaining commitment of senior management
B) Preparing the security budget
C) Providing advice and guidance
D) Developing a balanced scorecard
3. Which of the following is MOST likely to drive an update to the information security strategy?
A) A recent penetration test has uncovered a control weakness.
B) A major business application has been upgraded.
C) Management has decided to implement an emerging technology.
D) A new chief technology officer has been hired.
4. Which of the following will BEST help to ensure security is addressed when developing a custom application?
A) Conducting security training for the development staff
B) Integrating security requirements into the development process
C) Requiring a security assessment before implementation
D) Integrating a security audit throughout the development process
5. Which of the following would provide the MOST comprehensive view of the effectiveness of the information security function within an organization?
A) An incident reporting system
B) Examples of compliance with security processes
C) A balanced scorecard
D) An interview with senior managers