Free CISM Exam Braindumps (page: 35)


Information security should be:

  A. focused on eliminating all risks.
  B. a balance between technical and business requirements.
  C. driven by regulatory requirements.
  D. defined by the board of directors.

Answer(s): B

Explanation:

Information security should ensure that business objectives are met given available technical capabilities, resource constraints and compliance requirements. It is not practical or feasible to eliminate all risks.
Regulatory requirements must be considered, but are inputs to the business considerations. The board of directors does not define information security, but provides direction in support of the business goals and objectives.



What is the MOST important factor in the successful implementation of an enterprise-wide information security program?

  A. Realistic budget estimates
  B. Security awareness
  C. Support of senior management
  D. Recalculation of the work factor

Answer(s): C

Explanation:

Without the support of senior management, an information security program has little chance of survival. A company's leadership group, more than any other group, will more successfully drive the program. Their authoritative position in the company is a key factor. Budget approval, resource commitments, and companywide participation also require the buy-in from senior management. Senior management is responsible for providing an adequate budget and the necessary resources. Security awareness is important, but not the most important factor. Recalculation of the work factor is a part of risk management.



What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?

  A. Functional requirements are not adequately considered.
  B. User training programs may be inadequate.
  C. Budgets allocated to business units are not appropriate.
  D. Information security plans are not aligned with business requirements.

Answer(s): D

Explanation:

The steering committee controls the execution of the information security strategy, according to the needs of the organization, and decides on the project prioritization and the execution plan. User management is an important group that should be represented to ensure that the information security plans are aligned with the business needs. Functional requirements and user training programs are considered to be part of the projects but are not the main risks. The steering committee does not approve budgets for business units.



The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:

  A. the plan aligns with the organization's business plan.
  B. departmental budgets are allocated appropriately to pay for the plan.
  C. regulatory oversight requirements are met.
  D. the impact of the plan on the business units is reduced.

Answer(s): A

Explanation:

The steering committee controls the execution of the information security strategy according to the needs of the organization and decides on the project prioritization and the execution plan. The steering committee does not allocate department budgets for business units. While ensuring that regulatory oversight requirements are met could be a consideration, it is not the main reason for the review. Reducing the impact on the business units is a secondary concern but not the main reason for the review.

