Free CISM Exam Braindumps (page: 20)


Which of the following is MOST important in developing a security strategy?

  A. Creating a positive business security environment
  B. Understanding key business objectives
  C. Having a reporting line to senior management
  D. Allocating sufficient resources to information security

Answer(s): B

Explanation:

Alignment with business strategy is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.



Who is ultimately responsible for the organization's information?

  A. Data custodian
  B. Chief information security officer (CISO)
  C. Board of directors
  D. Chief information officer (CIO)

Answer(s): C

Explanation:

The board of directors is ultimately responsible for the organization's information and is tasked with responding to issues that affect its protection. The data custodian is responsible for the maintenance and protection of data. This role is usually filled by the IT department. The chief information security officer (CISO) is responsible for security and carrying out senior management's directives. The chief information officer (CIO) is responsible for information technology within the organization and is not ultimately responsible for the organization's information.



Which of the following factors is a PRIMARY driver for information security governance that does not require any further justification?

  A. Alignment with industry best practices
  B. Business continuity investment
  C. Business benefits
  D. Regulatory compliance

Answer(s): D

Explanation:

Regulatory compliance can be a standalone driver for an information security governance measure. No further analysis or justification is required since the entity has no choice in the regulatory requirements. Buy-in from business managers must be obtained by the information security manager when an information security governance measure is sought based on its alignment with industry best practices. Business continuity investment needs to be justified by business impact analysis. When an information security governance measure is sought based on qualitative business benefits, further analysis is required to determine whether the benefits outweigh the cost of the information security governance measure in question.



A security manager meeting the requirements for the international flow of personal data will need to ensure:

  A. a data processing agreement.
  B. a data protection registration.
  C. the agreement of the data subjects.
  D. subject access procedures.

Answer(s): C

Explanation:

Whenever personal data are transferred across national boundaries, the awareness and agreement of the data subjects are required. Choices A, B and D are supplementary data protection requirements that are not key for international data transfer.





