1. Successful implementation of information security governance will FIRST require:
A) security awareness training.
B) updated security policies.
C) a computer incident management team.
D) a security architecture.
2. Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
A) Information security manager
B) Chief operating officer (COO)
C) Internal auditor
D) Legal counsel
3. The MOST important component of a privacy policy is:
A) notifications.
B) warranties.
C) liabilities.
D) geographic coverage.
4. The cost of implementing a security control should not exceed the:
A) annualized loss expectancy.
B) cost of an incident.
C) asset value.
D) implementation opportunity costs.
5. When a security standard conflicts with a business objective, the situation should be resolved by:
A) changing the security standard.
B) changing the business objective.
C) performing a risk analysis.
D) authorizing a risk acceptance.
1. Right Answer: B Explanation: Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.
2. Right Answer: B Explanation: The chief operating officer (COO) is highly placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since the security manager looks to this group for direction, they are not in the best position to oversee its formation.
3. Right Answer: A Explanation: Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.
4. Right Answer: C Explanation: The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses that are expected to occur during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.
5. Right Answer: C Explanation: Resolution of conflicts of this type should be based on a risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. It is highly improbable that a business objective could be changed to accommodate a security standard, while risk acceptance is a process that derives from the risk analysis.