Free CISM Exam Braindumps (page: 13)


Which of the following is the MOST important information to include in a strategic plan for information security?

  A. Information security staffing requirements
  B. Current state and desired future state
  C. IT capital investment requirements
  D. Information security mission statement

Answer(s): B

Explanation:

It is most important to paint a vision for the future and then draw a road map from the starting point to the desired future state. Staffing, capital investment and the mission all stem from this foundation.



Information security projects should be prioritized on the basis of:

  A. time required for implementation.
  B. impact on the organization.
  C. total cost for implementation.
  D. mix of resources required.

Answer(s): B

Explanation:

Information security projects should be assessed on the basis of the positive impact that they will have on the organization. Time, cost and resource issues should be subordinate to this objective.



Which of the following is the MOST important information to include in an information security standard?

  A. Creation date
  B. Author name
  C. Initial draft approval date
  D. Last review date

Answer(s): D

Explanation:

The last review date confirms the currency of the standard, affirming that management has reviewed the standard to assure that nothing in the environment has changed that would necessitate an update to the standard. The name of the author as well as the creation and draft dates are not that important.



Which of the following would BEST prepare an information security manager for regulatory reviews?

  A. Assign an information security administrator as regulatory liaison
  B. Perform self-assessments using regulatory guidelines and reports
  C. Assess previous regulatory reports with process owners' input
  D. Ensure all regulatory inquiries are sanctioned by the legal department

Answer(s): B

Explanation:

Self-assessments provide the best feedback on readiness and permit identification of items requiring remediation. Directing regulators to a specific person or department, or assessing previous reports, is not as effective. The legal department should review all formal inquiries, but this does not help prepare for a regulatory review.

