CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 19)

Page 18 of 430
PDF with 1716 Questions

An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:

  1. ensure that security processes are consistent across the organization.
  2. enforce baseline security levels across the organization.
  3. ensure that security processes are fully documented.
  4. implement monitoring of key performance indicators for security processes.

Answer(s): A

Explanation:

The organization first needs to move from ad hoc to repeatable processes. The organization then needs to document the processes and implement process monitoring and measurement. Baselining security levels will not necessarily assist in process improvement since baselining focuses primarily on control improvement. The organization needs to standardize processes both before documentation, and before monitoring and measurement.



Who in an organization has the responsibility for classifying information?

  1. Data custodian
  2. Database administrator
  3. Information security officer
  4. Data owner

Answer(s): D

Explanation:

The data owner has full responsibility over data. The data custodian is responsible for securing the information. The database administrator carries out the technical administration. The information security officer oversees the overall classification management of the information.



What is the PRIMARY role of the information security manager in the process of information classification within an organization?

  1. Defining and ratifying the classification structure of information assets
  2. Deciding the classification levels applied to the organization's information assets
  3. Securing information assets in accordance with their classification
  4. Checking if information assets have been classified properly

Answer(s): A

Explanation:

Defining and ratifying the classification structure of information assets is the primary role of the information security manager in the process of information classification within the organization. Choice B is incorrect because the final responsibility for deciding the classification levels rests with the data owners. Choice C is incorrect because the job of securing information assets is the responsibility of the data custodians. Choice D may be a role of an information security manager but is not the key role in this context.



Logging is an example of which type of defense against systems compromise?

  1. Containment
  2. Detection
  3. Reaction
  4. Recovery

Answer(s): B

Explanation:

Detection defenses include logging as well as monitoring, measuring, auditing, detecting viruses and intrusion. Examples of containment defenses are awareness, training and physical security defenses. Examples of reaction defenses are incident response, policy and procedure change, and control enhancement. Examples of recovery defenses are backups and restorations, failover and remote sites, and business continuity plans and disaster recovery plans.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts