CISM—Certified Information Security Manager - Part 5

Mary Smith

Sat, 21 Feb 2026

1. Which of the following requirements would have the lowest level of priority in information security?

A) Technical
B) Regulatory
C) Privacy
D) Business



2. When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?

A) Develop a security architecture
B) Establish good communication with steering committee members
C) Assemble an experienced staff
D) Benchmark peer organizations



3. It is MOST important that information security architecture be aligned with which of the following?

A) Industry best practices
B) Information technology plans
C) Information security best practices
D) Business objectives and goals



4. Which of the following is MOST likely to be discretionary?

A) Policies
B) Procedures
C) Guidelines
D) Standards



5. Security technologies should be selected PRIMARILY on the basis of their:

A) ability to mitigate business risks.
B) evaluations in trade publications.
C) use of new and emerging technologies.
D) benefits in comparison to their costs.



1. Right Answer: A
Explanation: Information security priorities may, at times, override technical specifications, which then must be rewritten to conform to minimum security standards. Regulatory and privacy requirements are government-mandated and, therefore, not subject to override. The needs of the business should always take precedence in deciding information security priorities.

2. Right Answer: B
Explanation: New information security managers should seek to build rapport and establish lines of communication with senior management to enlist their support. Benchmarking peer organizations is beneficial to better understand industry best practices, but it is secondary to obtaining senior management support. Similarly, developing a security architecture and assembling an experienced staff are objectives that can be obtained later.

3. Right Answer: D
Explanation: Information security architecture should always be properly aligned with business goals and objectives. Alignment with IT plans or industry and security best practices is secondary by comparison.

4. Right Answer: C
Explanation: Policies define security goals and expectations for an organization. These are defined in more specific terms within standards and procedures. Standards establish what is to be done while procedures describe how it is to be done. Guidelines provide recommendations that business management must consider in developing practices within their areas of control; as such, they are discretionary.

5. Right Answer: A
Explanation: The most fundamental evaluation criterion for the appropriate selection of any security technology is its ability to reduce or eliminate business risks. Investments in security technologies should be based on their overall value in relation to their cost; the value can be demonstrated in terms of risk mitigation. This should take precedence over whether they use new or exotic technologies or how they are evaluated in trade publications.