1. Which of the following is the MOST appropriate board-level activity for information security governance?
A) Establish security and continuity ownership
B) Develop 'what-if' scenarios on incidents
C) Establish measures for security baselines
D) Include security in job-performance appraisals
2. Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?
A) Implementing additional security awareness training
B) Communicating critical risk assessment results to business unit managers
C) Including business unit representation on the security steering committee
D) Publishing updated information security policies
3. In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?
A) Auditability of systems
B) Compliance with policies
C) Reporting of security metrics
D) Executive sponsorship
4. Senior management has allocated funding to each of the organization's divisions to address information security vulnerabilities. The funding is based on each division's technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?
A) Areas of highest risk may not be adequately prioritized for treatment
B) Redundant controls may be implemented across divisions
C) Information security governance could be decentralized by division
D) Return on investment may be inconsistently reported to senior management
5. The effectiveness of an information security governance framework will BEST be enhanced if:
A) IS auditors are empowered to evaluate governance activities
B) risk management is built into operational and strategic activities
C) a culture of legal and regulatory compliance is promoted by management
D) consultants review the information security governance framework