CISM—Certified Information Security Manager - Part 7

Mary Smith

Mon, 24 Mar 2025

1. Relationships among security technologies are BEST defined through which of the following?

A) Security metrics
B) Network topology
C) Security architecture
D) Process improvement models



2. A business unit intends to deploy a new technology in a manner that places it in violation of existing information security standards. What immediate action should an information security manager take?

A) Enforce the existing security standard
B) Change the standard to permit the deployment
C) Perform a risk analysis to quantify the risk
D) Perform research to propose use of a better technology



3. Acceptable levels of information security risk should be determined by:

A) legal counsel.
B) security management.
C) external auditors.
D) the steering committee.



4. The PRIMARY goal in developing an information security strategy is to:

A) establish security metrics and performance monitoring.
B) educate business process owners regarding their duties.
C) ensure that legal and regulatory requirements are met.
D) support the business objectives of the organization.



5. Senior management commitment and support for information security can BEST be enhanced through:

A) a formal security policy sponsored by the chief executive officer (CEO).
B) regular security awareness training for employees.
C) periodic review of alignment with business management goals.
D) senior management signoff on the information security strategy.



1. Right Answer: C
Explanation: Security architecture explains the use and relationships of security mechanisms. Security metrics measure improvement within the security practice but do not explain the use and relationships of security technologies. Process improvement models and network topology diagrams also do not describe the use and relationships of these technologies.

2. Right Answer: C
Explanation: Resolving conflicts of this type should be based on a sound risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. A blanket decision should never be given without conducting such an analysis. Enforcing existing standards is a good practice; however, standards need to be continuously examined in light of new technologies and the risks they present. Standards should not be changed without an appropriate risk assessment.

3. Right Answer: D
Explanation: Senior management, represented in the steering committee, has ultimate responsibility for determining what levels of risk the organization is willing to assume. Legal counsel, the external auditors and security management are not in a position to make such a decision.

4. Right Answer: D
Explanation: The business objectives of the organization supersede all other factors. Establishing metrics and measuring performance, meeting legal and regulatory requirements, and educating business process owners are all subordinate to this overall goal.

5. Right Answer: C
Explanation: Ensuring that security activities continue to be aligned with and support business goals is critical to obtaining senior management's support. Although having the chief executive officer (CEO) sign off on the security policy and senior management sign off on the security strategy makes for good visibility and demonstrates good tone at the top, it is a one-time discrete event that may be quickly forgotten by senior management. Security awareness training for employees will not have as much effect on senior management commitment.