CompTIA
Checkpoint
ISC
HP
Dell
EC-Council
EXIN
Fortinet
ITIL®
Juniper
PMI
Microsoft
VMware
Avaya
Google
Salesforce
Amazon
Palo Alto Networks
Certiport
ISC2
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

Free CISM Exam Braindumps (page: 21)

Page 20 of 430
PDF with 1716 Questions

An information security manager mapping a job description to types of data access is MOST likely to adhere to which of the following information security principles?

  1. Ethics
  2. Proportionality
  3. Integration
  4. Accountability

Answer(s): B

Explanation:

Information security controls should be proportionate to the risks of modification, denial of use or disclosure of the information. It is advisable to learn if the job description is apportioning more data than are necessary for that position to execute the business rules (types of data access). Principles of ethics and integration have the least to do with mapping job description to types of data access. The principle of accountability would be the second most adhered to principle since people with access to data may not always be accountable but may be required to perform an operation.



Which of the following is the MOST important prerequisite for establishing information security management within an organization?

  1. Senior management commitment
  2. Information security framework
  3. Information security organizational structure
  4. Information security policy

Answer(s): A

Explanation:

Senior management commitment is necessary in order for each of the other elements to succeed. Without senior management commitment, the other elements will likely be ignored within the organization.



What will have the HIGHEST impact on standard information security governance models?

  1. Number of employees
  2. Distance between physical locations
  3. Complexity of organizational structure
  4. Organizational budget

Answer(s): C

Explanation:

Information security governance models are highly dependent on the overall organizational structure. Some of the elements that impact organizational structure are multiple missions and functions across the organization, leadership and lines of communication. Number of employees and distance between physical locations have less impact on information security governance models since well-defined process, technology and people components intermingle to provide the proper governance. Organizational budget is not a major impact once good governance models are in place; hence governance will help in effective management of the organization's budget.



In order to highlight to management, the importance of integrating information security in the business
processes, a newly hired information security officer should FIRST:

  1. prepare a security budget.
  2. conduct a risk assessment.
  3. develop an information security policy.
  4. obtain benchmarking information.

Answer(s): B

Explanation:

Risk assessment, evaluation and impact analysis will be the starting point for driving management's attention to information security. All other choices will follow the risk assessment.






Post your Comments and Discuss ISACA CISM exam with other Community members:

CISM Exam Discussions & Posts