Free CISM Braindumps

Privacy policies must contain notifications and opt-out provisions; they are a high-level
management statement of direction. They do not necessarily address warranties, liabilities or
geographic coverage, which are more specific.
QUESTION: 13
The cost of implementing a security control should not exceed the:

A. annualized loss expectancy.
B. cost of an incident.
C. asset value.
D. implementation opportunity costs.
Answer(s): C
Explanation:
The cost of implementing security controls should not exceed the worth of the asset. Annualized
loss expectancy represents the losses that are expected to happen during a single calendar
year. A security mechanism may cost more than this amount (or the cost of a single incident)
and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the
acquisition of an item or the making of a business decision.
QUESTION: 14
When a security standard conflicts with a business objective, the situation should be resolved
by:

A. changing the security standard.
B. changing the business objective.
C. performing a risk analysis.
D. authorizing a risk acceptance.
Answer(s): C
Explanation:
Conflicts of this type should be resolved based on a risk analysis of the costs and benefits of
allowing or disallowing an exception to the standard. It is highly improbable that a business
objective could be changed to accommodate a security standard, while risk acceptance is a
process that derives from the risk analysis.
QUESTION: 15
Minimum standards for securing the technical infrastructure should be defined in a security:

A. strategy.
B. guidelines.
C. model.
D. architecture.
Answer(s): D
Explanation:
Minimum standards for securing the technical infrastructure should be defined in a security
architecture document. This document defines how components are secured and the security
