CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 9
1. Who should be responsible for enforcing access rights to application data?
A) Data owners
B) Business process owners
C) The security steering committee
D) Security administrators
2. The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
A) head of internal audit.
B) chief operations officer (COO).
C) chief technology officer (CTO).
D) legal counsel.
3. Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
A) Update platform-level security settings
B) Conduct disaster recovery test exercises
C) Approve access to critical financial systems
D) Develop an information security strategy paper
4. Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
A) assessing the frequency of incidents.
B) quantifying the cost of control failures.
C) calculating return on investment (ROD projections.
D) comparing spending against similar organizations.
5. When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
A) aligned with the IT strategic plan.
B) based on the current rate of technological change.
C) three-to-five years for both hardware and software.
D) aligned with the business strategy.
A) Data owners
B) Business process owners
C) The security steering committee
D) Security administrators
2. The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
A) head of internal audit.
B) chief operations officer (COO).
C) chief technology officer (CTO).
D) legal counsel.
3. Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
A) Update platform-level security settings
B) Conduct disaster recovery test exercises
C) Approve access to critical financial systems
D) Develop an information security strategy paper
4. Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
A) assessing the frequency of incidents.
B) quantifying the cost of control failures.
C) calculating return on investment (ROD projections.
D) comparing spending against similar organizations.
5. When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
A) aligned with the IT strategic plan.
B) based on the current rate of technological change.
C) three-to-five years for both hardware and software.
D) aligned with the business strategy.
1. Right Answer: D
Explanation: As custodians, security administrators are responsible for enforcing access rights to data. Data owners are responsible for approving these access rights.Business process owners are sometimes the data owners as well, and would not be responsible for enforcement. The security steering committee would not be responsible for enforcement.
2. Right Answer: B
Explanation: The chief information security officer (CISO) should ideally report to as high a level within the organization as possible. Among the choices given, the chief operations officer (COO) would have not only the appropriate level but also the knowledge of day-to-day operations. The head of internal audit and legal counsel would make good secondary choices, although they would not be as knowledgeable of the operations. Reporting to the chief technology officer (CTO) could become problematic as the CTO's goals for the infrastructure might, at times, run counter to the goals of information security.
3. Right Answer: D
Explanation: Developing a strategy paper on information security would be the most appropriate. Approving access would be the job of the data owner. Updating platform-level security and conducting recovery test exercises would be less essential since these are administrative tasks.
4. Right Answer: C
Explanation: Calculating the return on investment (ROD will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.
5. Right Answer: D
Explanation: Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.
Explanation: As custodians, security administrators are responsible for enforcing access rights to data. Data owners are responsible for approving these access rights.Business process owners are sometimes the data owners as well, and would not be responsible for enforcement. The security steering committee would not be responsible for enforcement.
2. Right Answer: B
Explanation: The chief information security officer (CISO) should ideally report to as high a level within the organization as possible. Among the choices given, the chief operations officer (COO) would have not only the appropriate level but also the knowledge of day-to-day operations. The head of internal audit and legal counsel would make good secondary choices, although they would not be as knowledgeable of the operations. Reporting to the chief technology officer (CTO) could become problematic as the CTO's goals for the infrastructure might, at times, run counter to the goals of information security.
3. Right Answer: D
Explanation: Developing a strategy paper on information security would be the most appropriate. Approving access would be the job of the data owner. Updating platform-level security and conducting recovery test exercises would be less essential since these are administrative tasks.
4. Right Answer: C
Explanation: Calculating the return on investment (ROD will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.
5. Right Answer: D
Explanation: Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment