CISM—Certified Information Security Manager - Part 8

Mary Smith

Sat, 24 May 2025

1. When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

A) Create separate policies to address each regulation
B) Develop policies that meet all mandated requirements
C) Incorporate policy statements provided by regulators
D) Develop a compliance risk assessment



2. Which of the following MOST commonly falls within the scope of an information security governance steering committee?

A) Interviewing candidates for information security specialist positions
B) Developing content for security awareness programs
C) Prioritizing information security initiatives
D) Approving access to critical financial systems



3. Which of the following is the MOST important factor when designing information security architecture?

A) Technical platform interfaces
B) Scalability of the network
C) Development methodologies
D) Stakeholder requirements



4. Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?

A) Knowledge of information technology platforms, networks and development methodologies
B) Ability to understand and map organizational needs to security technologies
C) Knowledge of the regulatory environment and project management techniques
D) Ability to manage a diverse group of individuals and resources across an organization



5. Which of the following are likely to be updated MOST frequently?

A) Procedures for hardening database servers
B) Standards for password length and complexity
C) Policies addressing information security governance
D) Standards for document retention and destruction



1. Right Answer: B
Explanation: It will be much more efficient to craft all relevant requirements into policies than to create separate versions. Using statements provided by regulators will not capture all of the requirements mandated by different regulators. A compliance risk assessment is an important tool to verify that procedures ensure compliance once the policies have been established.

2. Right Answer: C
Explanation: Prioritizing information security initiatives is the only appropriate item. Interviewing specialists should be performed by the information security manager, while developing program content should be performed by the information security staff. Approving access to critical financial systems is the responsibility of the individual system data owners.

3. Right Answer: D
Explanation: The most important factor for information security is that it advances the interests of the business, as defined by stakeholder requirements. Interoperability and scalability, as well as development methodologies, are all important but are without merit if a technologically elegant solution is achieved that does not meet the needs of the business.

4. Right Answer: B
Explanation: Information security will be properly aligned with the goals of the business only if the CISO is able to understand organizational needs and map them to the security technologies that enable them. All of the other choices are important but secondary to meeting business security needs.

5. Right Answer: A
Explanation: Policies and standards should generally be more static and less subject to frequent change. Procedures, on the other hand, especially those for hardening operating systems, will be subject to constant change; as operating systems change and evolve, the procedures for hardening them will have to keep pace.
