CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 16)

Page 15 of 430
PDF with 1716 Questions

Information security policy enforcement is the responsibility of the:

  1. security steering committee.
  2. chief information officer (CIO).
  3. chief information security officer (CISO).
  4. chief compliance officer (CCO).

Answer(s): C

Explanation:

Information security policy enforcement is the responsibility of the chief information security officer (CISO), first and foremost. The board of directors and executive management should ensure that a security policy is in line with corporate objectives. The chief information officer (CIO) and the chief compliance officer (CCO) are involved in the enforcement of the policy but are not directly responsible for it.



A good privacy statement should include:

  1. notification of liability on accuracy of information.
  2. notification that information will be encrypted.
  3. what the company will do with information it collects.
  4. a description of the information classification process.

Answer(s): C

Explanation:

Most privacy laws and regulations require disclosure on how information will be used. Choice A is incorrect because that information should be located in the web site's disclaimer. Choice B is incorrect because, although encryption may be applied, this is not generally disclosed. Choice D is incorrect because information classification would be contained in a separate policy.



Which of the following would be MOST effective in successfully implementing restrictive password policies?

  1. Regular password audits
  2. Single sign-on system
  3. Security awareness program
  4. Penalties for noncompliance

Answer(s): C

Explanation:

To be successful in implementing restrictive password policies, it is necessary to obtain the buy-in of the end users. The best way to accomplish this is through a security awareness program. Regular password audits and penalties for noncompliance would not be as effective on their own; people would go around them unless forced by the system. Single sign-on is a technology solution that would enforce password complexity but would not promote user compliance. For the effort to be more effective, user buy-in is important.



When designing an information security quarterly report to management, the MOST important element to be considered should be the:

  1. information security metrics.
  2. knowledge required to analyze each issue.
  3. linkage to business area objectives.
  4. baseline against which metrics are evaluated.

Answer(s): C

Explanation:

The link to business objectives is the most important clement that would be considered by management. Information security metrics should be put in the context of impact to management objectives. Although important, the security knowledge required would not be the first element to be considered. Baselining against the information security metrics will be considered later in the process.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts