CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 12)

Page 11 of 430
PDF with 1716 Questions

The chief information security officer (CISO) should ideally have a direct reporting relationship to the:

  1. head of internal audit.
  2. chief operations officer (COO).
  3. chief technology officer (CTO).
  4. legal counsel.

Answer(s): B

Explanation:

The chief information security officer (CISO) should ideally report to as high a level within the organization as possible. Among the choices given, the chief operations officer (COO) would have not only the appropriate level but also the knowledge of day-to-day operations. The head of internal audit and legal counsel would make good secondary choices, although they would not be as knowledgeable of the operations. Reporting to the chief technology officer (CTO) could become problematic as the CTO's goals for the infrastructure might, at times, run counter to the goals of information security.



Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?

  1. Update platform-level security settings
  2. Conduct disaster recovery test exercises
  3. Approve access to critical financial systems
  4. Develop an information security strategy paper

Answer(s): D

Explanation:

Developing a strategy paper on information security would be the most appropriate. Approving access would be the job of the data owner. Updating platform-level security and conducting recovery test exercises would be less essential since these are administrative tasks.



Developing a successful business case for the acquisition of information security software products can BEST be assisted by:

  1. assessing the frequency of incidents.
  2. quantifying the cost of control failures.
  3. calculating return on investment (ROI) projections.
  4. comparing spending against similar organizations.

Answer(s): C

Explanation:

Calculating the return on investment (ROI) will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.



When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:

  1. aligned with the IT strategic plan.
  2. based on the current rate of technological change.
  3. three-to-five years for both hardware and software.
  4. aligned with the business strategy.

Answer(s): D

Explanation:

Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts