CISM—Certified Information Security Manager - Part 27

Mary Smith

Thu, 16 Apr 2026

1. A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disagreement between the information security manager and the business department manager who will own the process regarding the results and the assigned risk. Which of the following would be the BEST approach for the information security manager?

A) Acceptance of the business manager's decision on the risk to the corporation
B) Acceptance of the information security manager's decision on the risk to the corporation
C) Review of the assessment with executive management for final input
D) A new risk assessment and BIA are needed to resolve the disagreement



2. Who is responsible for ensuring that information is categorized and that specific protective measures are taken?

A) The security officer
B) Senior management
C) The end user
D) The custodian



3. An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What action should the board take next?

A) Direct information security on what they need to do
B) Research available safeguards to determine the proper solution
C) Require management to report on compliance
D) Nothing; information security does not report to the board



4. Information security should be:

A) focused on eliminating all risks.
B) a balance between technical and business requirements.
C) driven by regulatory requirements.
D) defined by the board of directors.



5. What is the MOST important factor in the successful implementation of an enterprise-wide information security program?

A) Realistic budget estimates
B) Security awareness
C) Support of senior management
D) Recalculation of the work factor



1. Right Answer: C
Explanation: Executive management must be supportive of the process and fully understand and agree with the results since risk management decisions can often have a large financial impact and require major changes. Risk management means different things to different people, depending upon their role in the organization, so the input of executive management is important to the process.

2. Right Answer: B
Explanation: Routine administration of all aspects of security is delegated, but top management must retain overall responsibility. The security officer supports and implements information security for senior management. The end user does not perform categorization. The custodian supports and implements information security measures as directed.

3. Right Answer: C
Explanation: Information security governance is the responsibility of the board of directors and executive management. In this instance, the appropriate action is to ensure that a plan is in place for implementation of needed safeguards and to require updates on that implementation.

4. Right Answer: B
Explanation: Information security should ensure that business objectives are met given available technical capabilities, resource constraints and compliance requirements. It is not practical or feasible to eliminate all risks. Regulatory requirements must be considered, but are inputs to the business considerations. The board of directors does not define information security, but provides direction in support of the business goals and objectives.

5. Right Answer: C
Explanation: Without the support of senior management, an information security program has little chance of survival. A company's leadership group, more than any other group, is positioned to drive the program; its authoritative position in the company is the key factor. Budget approval, resource commitments, and companywide participation all require buy-in from senior management, which is responsible for providing an adequate budget and the necessary resources. Security awareness is important, but it is not the most important factor. Recalculation of the work factor is a part of risk management, not a precondition for program success.
