CISM Braindumps Certified Information Security Manager
Question 1
Which of the following should be the FIRST step in developing an information security plan?
A. Perform a technical vulnerabilities assessment
B. Analyze the current business strategy
C. Perform a business impact analysis
D. Assess the current levels of security awareness
Answer: B
Explanation: Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.

Question 2
Senior management commitment and support for information security can BEST be obtained through presentations that:
A. use illustrative examples of successful attacks.
B. explain the technical risks to the organization.
C. evaluate the organization against best security practices.
D. tie security risks to key business objectives.
Answer: D
Explanation: Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on the business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.

Question 3
The MOST appropriate role for senior management in supporting information security is the:
A. evaluation of vendors offering security products.
B. assessment of risks to the organization.
C. approval of policy statements and funding.
D. monitoring adherence to regulatory requirements.
Answer: C
Explanation: Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in terms of governance and direction. They are responsible for approval of major policy statements and requests to fund the information security practice. Evaluation of vendors, assessment of risks and monitoring compliance with regulatory requirements are day-to-day responsibilities of the information security manager; in some organizations, business management is involved in these other activities, though their primary role is direction and governance.

Question 4
Which of the following would BEST ensure the success of information security governance within an organization?
A. Steering committees approve security projects
B. Security policy training provided to all managers
C. Security training available to all employees on the intranet
D. Steering committees enforce compliance with laws and regulations
Answer: A
Explanation: The existence of a steering committee that approves all security projects would be an indication of the existence of a good governance program. Compliance with laws and regulations is part of the responsibility of the steering committee but it is not a full answer. Awareness training is important at all levels in any medium, and also an indicator of good governance. However, it must be guided and approved as a security project by the steering committee.

Question 5
Information security governance is PRIMARILY driven by:
A. technology constraints.
B. regulatory requirements.
C. litigation potential.
D. business strategy.
Answer: D
Explanation: Governance is directly tied to the strategy and direction of the business. Technology constraints, regulatory requirements and litigation potential are all important factors, but they are necessarily in line with the business strategy.

Question 6
Which of the following represents the MAJOR focus of privacy regulations?
A. Unrestricted data mining
B. Identity theft
C. Human rights protection
D. Identifiable personal data
Answer: D
Explanation: Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulatory provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.

Question 7
Investments in information security technologies should be based on:
A. vulnerability assessments.
B. value analysis.
C. business climate.
D. audit recommendations.
Answer: B
Explanation: Investments in security technologies should be based on a value analysis and a sound business case. Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in nature and might not address the key business needs comprehensively. Vulnerability assessments are useful, but they do not determine whether the cost is justified.

Question 8
Retention of business records should PRIMARILY be based on:
A. business strategy and direction.
B. regulatory and legal requirements.
C. storage capacity and longevity.
D. business ease and value analysis.
Answer: B
Explanation: Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply, nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.

Question 9
Which of the following is characteristic of centralized information security management?
A. More expensive to administer
B. Better adherence to policies
C. More aligned with business unit needs
D. Faster turnaround of requests
Answer: B
Explanation: Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics of scale. However, turnaround can be slower due to the lack of alignment with business units.

Question 10
Successful implementation of information security governance will FIRST require:
A. security awareness training.
B. updated security policies.
C. a computer incident management team.
D. a security architecture.
Answer: B
Explanation: Updated security policies are required to align management objectives with security procedures; management objectives translate into policy, policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.

Question 11
Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?
A. Information security manager
B. Chief operating officer (COO)
C. Internal auditor
D. Legal counsel
Answer: B
Explanation: The chief operating officer (COO) is highly placed within an organization and has the most knowledge of business operations and objectives. The chief internal auditor and chief legal counsel are appropriate members of such a steering group. However, sponsoring the creation of the steering committee should be initiated by someone versed in the strategy and direction of the business. Since a security manager is looking to this group for direction, they are not in the best position to oversee formation of this group.

Question 12
The MOST important component of a privacy policy is:
A. notifications.
B. warranties.
C. liabilities.
D. geographic coverage.
Answer: A
Explanation: Privacy policies must contain notifications and opt-out provisions: they are a high-level management statement of direction. They do not necessarily address warranties, liabilities or geographic coverage, which are more specific.

Question 13
The cost of implementing a security control should not exceed the:
A. annualized loss expectancy.
B. cost of an incident.
C. asset value.
D. implementation opportunity costs.
Answer: C
Explanation: The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses that are expected to happen during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.

Question 14
When a security standard conflicts with a business objective, the situation should be resolved by:
A. changing the security standard.
B. changing the business objective.
C. performing a risk analysis.
D. authorizing a risk acceptance.
Answer: C
Explanation: Conflicts of this type should be based on a risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. It is highly improbable that a business objective could be changed to accommodate a security standard, while risk acceptance is a process that derives from the risk analysis.

Question 15
Minimum standards for securing the technical infrastructure should be defined in a security:
A. strategy.
B. guidelines.
C. model.
D. architecture.
Answer: D
Explanation: Minimum standards for securing the technical infrastructure should be defined in a security architecture document. This document defines how components are secured and the security services that should be in place. A strategy is a broad, high-level document. A guideline is advisory in nature, while a security model shows the relationships between components.
