Free CISM Exam Braindumps (page: 4)

Which of the following is characteristic of centralized information security management?

  A. More expensive to administer
  B. Better adherence to policies
  C. More aligned with business unit needs
  D. Faster turnaround of requests

Answer(s): B

Explanation:

Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to economies of scale. However, turnaround can be slower due to the lack of alignment with business units.



Successful implementation of information security governance will FIRST require:

  A. security awareness training.
  B. updated security policies.
  C. a computer incident management team.
  D. a security architecture.

Answer(s): B

Explanation:

Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.



Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?

  A. Information security manager
  B. Chief operating officer (COO)
  C. Internal auditor
  D. Legal counsel

Answer(s): B

Explanation:

The chief operating officer (COO) is highly placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.



The MOST important component of a privacy policy is:

  A. notifications.
  B. warranties.
  C. liabilities.
  D. geographic coverage.

Answer(s): A

Explanation:

Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.





