Home

Home / Isaca / CISM

Question list

List of questions

Question 1

(0)

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security. Which of the following should be given immediate focus?

Question 2

(0)

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Question 3

(0)

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question 4

(0)

Which of the following is the MOST important factor of a successful information security program?

Question 5

(0)

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question 6

(0)

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question 7

(0)

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Question 8

(0)

Which of the following is an example of risk mitigation?

Question 9

(0)

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Question 10

(0)

The PRIMARY objective of a post-incident review of an information security incident is to:

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

The PRIMARY goal of a post-incident review should be to:

Question 107 - CISM discussion

Report

Which of the following is the GREATEST benefit of conducting an organization-wide security awareness program?

A.

The security strategy is promoted.

B.

Fewer security incidents are reported.

C.

Security behavior is improved.

D.

More security incidents are detected.

Suggested answer: C

Explanation:

The greatest benefit of conducting an organization-wide security awareness program is to improve the security behavior of the employees, contractors, partners, and other stakeholders who interact with the organization's information assets. Security behavior refers to the actions and decisions that affect the confidentiality, integrity, and availability of information, such as following the security policies and procedures, reporting security incidents, avoiding risky practices, and applying security controls. By improving the security behavior, the organization can reduce the human-related risks and vulnerabilities, enhance the security culture and awareness, and support the security strategy and objectives.

The other options are not as beneficial as improving the security behavior, although they may also be outcomes or objectives of a security awareness program. Promoting the security strategy is important to communicate the vision, mission, and goals of the security function, as well as to align the security activities with the business needs and expectations. However, promoting the security strategy alone is not enough to ensure its implementation and effectiveness, as it also requires the involvement and commitment of the stakeholders, especially the senior management. Reporting fewer security incidents may indicate a lower level of security breaches or threats, but it may also reflect a lack of detection, reporting, or awareness mechanisms. Moreover, reporting fewer security incidents is not a reliable measure of the security performance or maturity, as it does not account for the impact, severity, or root causes of the incidents. Detecting more security incidents may indicate a higher level of security monitoring, alerting, or awareness capabilities, but it may also reflect a higher level of security exposures or attacks. Moreover, detecting more security incidents is not a desirable goal of a security awareness program, as it also implies a higher level of security incidents that need to be responded to and resolved.Reference=

CISM Review Manual, 16th Edition, ISACA, 2022, pp. 201-202, 207-208.

CISM Questions, Answers & Explanations Database, ISACA, 2022, QID 1006.

The Benefits of Information Security and Privacy Awareness Training Programs, ISACA Journal, Volume 1, 2019,1.

Show Answer

asked 01/10/2024

Tuukka Valkeasuo

33 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first