Home

Home / Isaca / CISM

Question list

List of questions

Question 1

(0)

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security. Which of the following should be given immediate focus?

Question 2

(0)

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Question 3

(0)

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question 4

(0)

Which of the following is the MOST important factor of a successful information security program?

Question 5

(0)

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question 6

(0)

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question 7

(0)

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Question 8

(0)

Which of the following is an example of risk mitigation?

Question 9

(0)

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Question 10

(0)

The PRIMARY objective of a post-incident review of an information security incident is to:

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

The PRIMARY goal of a post-incident review should be to:

Question 72 - CISM discussion

Report

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

A.

Assigning restoration priority during incidents

B.

Determining total cost of ownership (TCO)

C.

Evaluating vendors critical to business recovery

D.

Calculating residual risk after the incident recovery phase

Suggested answer: A

Explanation:

The incident response team can best leverage the results of a business impact analysis (BIA) by assigning restoration priority during incidents. A BIA is a process that identifies and evaluates the criticality and dependency of the organization's business functions, processes, and resources, and the potential impacts and consequences of their disruption or loss. The BIA results provide the basis for determining the recovery objectives, strategies, and plans for the organization's business continuity and disaster recovery. By using the BIA results, the incident response team can prioritize the restoration of the most critical and time-sensitive business functions, processes, and resources, and allocate the appropriate resources, personnel, and time to minimize the impact and duration of the incident.

Determining total cost of ownership (TCO) (B) is not a relevant way to leverage the results of a BIA, as it is not directly related to incident response. TCO is a financial metric that estimates the total direct and indirect costs of owning and operating an asset or a system over its lifecycle. TCO may be useful for evaluating the cost-effectiveness and return on investment of different security solutions or alternatives, but it does not help the incident response team to respond to or recover from an incident.

Evaluating vendors critical to business recovery is also not a relevant way to leverage the results of a BIA, as it is not a primary responsibility of the incident response team. Evaluating vendors critical to business recovery is a part of the vendor management process, which involves selecting, contracting, monitoring, and reviewing the vendors that provide essential products or services to support the organization's business continuity and disaster recovery. Evaluating vendors critical to business recovery may be done before or after an incident, but not during an incident, as it does not contribute to the incident response or restoration activities.

Calculating residual risk after the incident recovery phase (D) is also not a relevant way to leverage the results of a BIA, as it is not a timely or effective use of the BIA results. Residual risk is the risk that remains after the implementation of risk treatment or mitigation measures. Calculating residual risk after the incident recovery phase may be done as a part of the incident review or improvement process, but not during the incident response or restoration phase, as it does not help the incident response team to resolve or contain the incident.

Reference= CISM Review Manual, 16th Edition, Chapter 4: Information Security Incident Management, Section: Incident Response Plan, Subsection: Business Impact Analysis, page 182-1831

Show Answer

asked 01/10/2024

wietse Bonnes

37 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first