QUESTION: 145

Business units within an organization are resistant to proposed changes to the information security program. Which of the following is the BEST way to address this issue?

Implementing additional security awareness training
Communicating critical risk assessment results to business unit managers
Including business unit representation on the security steering committee
Publishing updated information security policies

Answer(s): B

Reveal Solution Next Question

QUESTION: 146

In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?

Auditability of systems
Compliance with policies
Reporting of security metrics
Executive sponsorship

Answer(s): A

Reveal Solution Next Question

Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

Areas of highest risk may not be adequately prioritized for treatment
Redundant controls may be implemented across divisions
Information security governance could be decentralized by division
Return on investment may be inconsistently reported to senior management

Answer(s): A

Reveal Solution Next Question

QUESTION: 148

The effectiveness of an information security governance framework will BEST be enhanced if:

IS auditors are empowered to evaluate governance activities
risk management is built into operational and strategic activities
a culture of legal and regulatory compliance is promoted by management
consultants review the information security governance framework

Answer(s): D

Reveal Solution Next Question

Free CISM Exam Braindumps (page: 38)

QUESTION: 145

QUESTION: 146

QUESTION: 147

QUESTION: 148

CISM Exam Discussions & Posts