1. What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
A) Functional requirements are not adequately considered.
B) User training programs may be inadequate.
C) Budgets allocated to business units are not appropriate.
D) Information security plans are not aligned with business requirements.
2. The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
A) the plan aligns with the organization's business plan.
B) departmental budgets are allocated appropriately to pay for the plan.
C) regulatory oversight requirements are met.
D) the impact of the plan on the business units is reduced.
3. Which of the following should be determined while defining risk management strategies?
A) Risk assessment criteria
B) Organizational objectives and risk appetite
C) IT architecture complexity
D) Enterprise disaster recovery plans
4. When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?
A) Preserving the confidentiality of sensitive data
B) Establishing international security standards for data sharing
C) Adhering to corporate privacy standards
D) Establishing system manager responsibility for information security
5. Which of the following is the BEST reason to perform a business impact analysis (BIA)?
A) To help determine the current state of risk
B) To budget appropriately for needed controls
C) To satisfy regulatory requirements
D) To analyze the effect on the business
1. Right Answer: D Explanation: The steering committee controls the execution of the information security strategy, according to the needs of the organization, and decides on the project prioritization and the execution plan. User management is an important group that should be represented to ensure that the information security plans are aligned with the business needs. Functional requirements and user training programs are considered to be part of the projects but are not the main risks. The steering committee does not approve budgets for business units.
2. Right Answer: A Explanation: The steering committee controls the execution of the information security strategy according to the needs of the organization and decides on the project prioritization and the execution plan. The steering committee does not allocate department budgets for business units. While ensuring that regulatory oversight requirements are met could be a consideration, it is not the main reason for the review. Reducing the impact on the business units is a secondary concern but not the main reason for the review.
3. Right Answer: B Explanation: While defining risk management strategies, one needs to analyze the organization's objectives and risk appetite and define a risk management framework based on this analysis. Some organizations may accept known risks, while others may invest in and apply mitigation controls to reduce risks. Risk assessment criteria would become part of this framework, but only after proper analysis. IT architecture complexity and enterprise disaster recovery plans are more directly related to assessing risks than defining strategies.
4. Right Answer: A Explanation: The goal of information security is to protect the organization's information assets. International security standards are situational, depending upon the company and its business. Adhering to corporate privacy standards is important, but those standards must be appropriate and adequate and are not the most important factor to consider. All employees are responsible for information security, but it is not the most important factor to consider.
5. Right Answer: A Explanation: The BIA is included as part of the process to determine the current state of risk and helps determine the acceptable levels of response from impacts and the current level of response, leading to a gap analysis. Budgeting appropriately may come as a result, but is not the reason to perform the analysis. Performing an analysis may satisfy regulatory requirements, but is not the reason to perform one. Analyzing the effect on the business is part of the process, but one must also determine the needs or acceptable effect or response.