CISM—Certified Information Security Manager - Part 240

1. Senior management commitment and support will MOSTlikely be offered when the value of information security governance is presented from a:

A) threat perspective.
B) compliance perspective.
C) risk perspective.
D) policy perspective.



2. Which of the following would provide nonrepudiation of electronic transactions?

A) Two-factor authentication
B) Periodic reaccreditations
C) Third-party certificates
D) Receipt acknowledgment



3. The MAIN reason for an information security manager to monitor industry level changes in the business and IT is to:

A) evaluate the effect of the changes on the levels of residual risk.
B) identity changes in the risk environment.
C) update information security policies in accordance with the changes.
D) change business objectives based on potential impact.



4. Exceptions to a security policy should be approved based PRIMARILY on:

A) risk appetite.
B) the external threat probability.
C) results of a business impact analysis (BIA).
D) the number of security incidents.



5. Which of the following is the BEST way to increase the visibility of information security within an organization's culture?

A) Requiring cross-functional information security training
B) Implementing user awareness campaigns for the entire company
C) Publishing an acceptable use policy
D) Establishing security policies based on industry standards