Free CISM Exam Braindumps (page: 29)


The MOST important factor in ensuring the success of an information security program is effective:

  A. communication of information security requirements to all users in the organization.
  B. formulation of policies and procedures for information security.
  C. alignment with organizational goals and objectives.
  D. monitoring compliance with information security policies and procedures.

Answer(s): C

Explanation:

The success of a security program depends first on its alignment with organizational goals and objectives. Effective communication and education of users is a critical determinant of success, but it is a secondary step: alignment with organizational goals and objectives is the most important factor. Mere formulation of policies without effective communication to users will not ensure success. Monitoring compliance with information security policies and procedures is, at best, a detective mechanism and will not lead to success among uninformed users.



Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?

  A. Key control monitoring
  B. A robust security awareness program
  C. A security program that enables business activities
  D. An effective security architecture

Answer(s): C

Explanation:

A security program that enables business activities would be most helpful in achieving alignment between information security and organizational objectives. The other choices are components of such a program; individually, none of them contributes as directly to alignment as the program itself.



Which of the following BEST contributes to the development of a security governance framework that supports the maturity model concept?

  A. Continuous analysis, monitoring and feedback
  B. Continuous monitoring of the return on security investment (ROSI)
  C. Continuous risk reduction
  D. Key risk indicator (KRI) setup to security management processes

Answer(s): A

Explanation:

To improve the governance framework and reach a higher level of maturity, an organization needs to conduct continuous analysis, monitoring and feedback measured against its current state of maturity. Return on security investment (ROSI) may show the performance result of security-related activities; however, that result is expressed in monetary terms and spans multiple facets of security initiatives, so it is not an adequate measure of maturity. Continuous risk reduction would demonstrate the effectiveness of the security governance framework, but does not by itself indicate a higher level of maturity. Key risk indicator (KRI) setup is a tool used in internal control assessment: a KRI presents a threshold that alerts management when controls are being compromised in business processes. It is a control tool rather than a maturity model support tool.



The MOST complete business case for security solutions is one that:

  A. includes appropriate justification.
  B. explains the current risk profile.
  C. details regulatory requirements.
  D. identifies incidents and losses.

Answer(s): A

Explanation:

Management is primarily interested in security solutions that address risks in the most cost-effective way. To meet the needs of the organization, a business case should therefore justify the proposed security solutions in line with the organizational strategy. The current risk profile, regulatory requirements, and past incidents and losses are each inputs to that justification, but none of them alone makes the business case complete.


