Free CISM Exam Braindumps

Pass your CISM exam with these free latest Questions and Answers

Which of the following should be the FIRST step in developing an information security plan?

  1. Perform a technical vulnerabilities assessment
  2. Analyze the current business strategy
  3. Perform a business impact analysis
  4. Assess the current levels of security awareness

Answer(s): B

Explanation:

Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.



A critical component of a continuous improvement program for information security is:

  1. measuring processes and providing feedback.
  2. developing a service level agreement (SLA) for security.
  3. tying corporate security standards to a recognized international standard.
  4. ensuring regulatory compliance.

Answer(s): A

Explanation:

If an organization is unable to take measurements that will improve the level of its safety program, then continuous improvement is not possible. Although desirable, developing a service level agreement (SLA) for security, tying corporate security standards to a recognized international standard and ensuring regulatory compliance are not critical components for a continuous improvement program.



Which item would be the BEST to include in the information security awareness training program for new general staff employees?

  1. Review of various security models
  2. Discussion of how to construct strong passwords
  3. Review of roles that have privileged access
  4. Discussion of vulnerability assessment results

Answer(s): B



Which of the following is the MOST likely outcome of a well-designed information security awareness course?

  1. Increased reporting of security incidents to the incident response function
  2. Decreased reporting of security incidents to the incident response function
  3. Decrease in the number of password resets
  4. Increase in the number of identified system vulnerabilities

Answer(s): A

Explanation:

A well-organized information security awareness course informs all employees of existing security policies, the importance of following safe practices for data security and the need to report any possible security incidents to the appropriate individuals in the organization. The other choices would not be the likely outcomes.


