Free ISACA CISM Exam Braindumps (page: 77)

Which of the following is the BEST method to ensure the overall effectiveness of a risk management program?

  A. User assessments of changes
  B. Comparison of the program results with industry standards
  C. Assignment of risk within the organization
  D. Participation by all members of the organization

Answer(s): D

Explanation:

Effective risk management requires participation, support and acceptance by all applicable members of the organization, beginning at the executive level. Personnel must understand their responsibilities and be trained on how to fulfill their roles. User assessments, benchmarking against industry standards and the assignment of risk ownership all contribute to the program, but none of them delivers overall effectiveness on its own without broad participation.



The MOST effective use of a risk register is to:

  A. identify risks and assign roles and responsibilities for mitigation.
  B. identify threats and probabilities.
  C. facilitate a thorough review of all IT-related risks on a periodic basis.
  D. record the annualized financial amount of expected losses due to risks.

Answer(s): C

Explanation:

A risk register is more than a simple list; it should be used as a tool to ensure comprehensive documentation, periodic review and formal update of all risk elements in the enterprise's IT and related organization. Identifying risks and assigning roles and responsibilities for mitigation are elements recorded in the register, not its most effective use. Identifying threats and probabilities are two elements that are defined in the risk matrix, as differentiated from the broader scope of content in, and purpose for, the risk register. While the annualized loss expectancy (ALE) should be included in the register, this quantification is only a single element in the overall risk analysis program.



After obtaining commitment from senior management, which of the following should be completed NEXT when establishing an information security program?

  A. Define security metrics
  B. Conduct a risk assessment
  C. Perform a gap analysis
  D. Procure security tools

Answer(s): B

Explanation:

When establishing an information security program, conducting a risk assessment is key to identifying the needs of the organization and developing a security strategy. Defining security metrics, performing a gap analysis and procuring security tools are all subsequent steps: metrics and a gap analysis need a defined target state to measure against, and tools should be selected to treat risks that have already been identified.



Which of the following are the essential ingredients of a business impact analysis (BIA)?

  A. Downtime tolerance, resources and criticality
  B. Cost of business outages in a year as a factor of the security budget
  C. Business continuity testing methodology being deployed
  D. Structure of the crisis management team

Answer(s): A

Explanation:

The main purpose of a BIA is to determine the downtime tolerance (for example, the maximum tolerable outage), the resources required and the criticality of each business function. Options B, C and D are all associated with business continuity planning, but are not elements of the BIA itself.