Free CISM Exam Braindumps (page: 7)

When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?

  A. Develop a security architecture
  B. Establish good communication with steering committee members
  C. Assemble an experienced staff
  D. Benchmark peer organizations

Answer(s): B

Explanation:

New information security managers should seek to build rapport and establish lines of communication with senior management to enlist their support. Benchmarking peer organizations is beneficial for understanding industry best practices, but it is secondary to obtaining senior management support. Similarly, developing a security architecture and assembling an experienced staff are objectives that can be pursued later.



It is MOST important that information security architecture be aligned with which of the following?

  A. Industry best practices
  B. Information technology plans
  C. Information security best practices
  D. Business objectives and goals

Answer(s): D

Explanation:

Information security architecture should always be properly aligned with business goals and objectives. Alignment with IT plans or industry and security best practices is secondary by comparison.



Which of the following is MOST likely to be discretionary?

  A. Policies
  B. Procedures
  C. Guidelines
  D. Standards

Answer(s): C

Explanation:

Policies define security goals and expectations for an organization. These are defined in more specific terms within standards and procedures. Standards establish what is to be done while procedures describe how it is to be done. Guidelines provide recommendations that business management must consider in developing practices within their areas of control; as such, they are discretionary.



Security technologies should be selected PRIMARILY on the basis of their:

  A. ability to mitigate business risks.
  B. evaluations in trade publications.
  C. use of new and emerging technologies.
  D. benefits in comparison to their costs.

Answer(s): A

Explanation:

The most fundamental evaluation criterion for the appropriate selection of any security technology is its ability to reduce or eliminate business risks. Investments in security technologies should be based on their overall value in relation to their cost; the value can be demonstrated in terms of risk mitigation. This should take precedence over whether they use new or exotic technologies or how they are evaluated in trade publications.


