Free CISM Exam Braindumps (page: 6)


Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:

  A. organizational risk.
  B. organization-wide metrics.
  C. security needs.
  D. the responsibilities of organizational units.

Answer(s): A

Explanation:

Information security exists to help the organization meet its objectives. The information security manager should identify information security needs based on organizational needs. Organizational or business risk should always take precedence. Involving each organizational unit in information security and establishing metrics to measure success will be viewed favorably by senior management after the overall organizational risk is identified.



Which of the following roles would represent a conflict of interest for an information security manager?

  A. Evaluation of third parties requesting connectivity
  B. Assessment of the adequacy of disaster recovery plans
  C. Final approval of information security policies
  D. Monitoring adherence to physical security controls

Answer(s): C

Explanation:

Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.



Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?

  A. The information security department has difficulty filling vacancies.
  B. The chief information officer (CIO) approves security policy changes.
  C. The information security oversight committee only meets quarterly.
  D. The data center manager has final signoff on all security projects.

Answer(s): D

Explanation:

A steering committee should be in place to approve all security projects. The fact that the data center manager has final signoff for all security projects indicates that a steering committee is not being used and that information security is relegated to a subordinate place in the organization. This would indicate a failure of information security governance. It is not inappropriate for an oversight or steering committee to meet quarterly. Similarly, it may be desirable to have the chief information officer (CIO) approve the security policy due to the size of the organization and frequency of updates. Difficulty in filling vacancies is not uncommon due to the shortage of good, qualified information security professionals.



Which of the following requirements would have the lowest level of priority in information security?

  A. Technical
  B. Regulatory
  C. Privacy
  D. Business

Answer(s): A

Explanation:

Information security priorities may, at times, override technical specifications, which then must be rewritten to conform to minimum security standards. Regulatory and privacy requirements are government-mandated and, therefore, not subject to override. The needs of the business should always take precedence in deciding information security priorities.
