Free ISACA CISM Exam Braindumps (page: 74)

The MOST appropriate owner of customer data stored in a central database, used only by an organization's sales department, would be the:

  A. sales department.
  B. database administrator.
  C. chief information officer (CIO).
  D. head of the sales department.

Answer(s): D

Explanation:

The owner of the information asset should be the person with the decision-making power in the department deriving the most benefit from the asset. In this case, it would be the head of the sales department. The organizational unit cannot be the owner of the asset because that removes personal responsibility. The database administrator is a custodian. The chief information officer (CIO) would not be an owner of this database because the CIO is less likely to be knowledgeable about the specific needs of sales operations and security concerns.



In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:

  A. develop an operational plan for achieving compliance with the legislation.
  B. identify systems and processes that contain privacy components.
  C. restrict the collection of personal information until compliant.
  D. identify privacy legislation in other countries that may contain similar requirements.

Answer(s): B

Explanation:

Identifying the relevant systems and processes is the best first step. Developing an operational plan for achieving compliance with the legislation is incorrect because it is not the first step. Restricting the collection of personal information comes later. Identifying privacy legislation in other countries would not add much value.



Risk assessment is MOST effective when performed:

  A. at the beginning of security program development.
  B. on a continuous basis.
  C. while developing the business case for the security program.
  D. during the business change process.

Answer(s): B

Explanation:

Risk assessment needs to be performed on a continuous basis because of organizational and technical changes. Risk assessment must take into account all significant changes in order to be effective.



Which of the following is the MAIN reason for performing risk assessment on a continuous basis?

  A. Justification of the security budget must be continually made.
  B. New vulnerabilities are discovered every day.
  C. The risk environment is constantly changing.
  D. Management needs to be continually informed about emerging risks.

Answer(s): C

Explanation:

The risk environment is affected by factors such as changes in technology and business strategy. These changes introduce new threats and vulnerabilities to the organization, so risk assessment should be performed continuously. Justification of a budget should never be the main reason for performing a risk assessment. New vulnerabilities should be managed through a patch management process. Informing management about emerging risks is important, but it is not the main driver for determining when a risk assessment should be performed.
