Home / Isaca / CISM

Question list

List of questions

Question 1

(0)

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security. Which of the following should be given immediate focus?

Question 2

(0)

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Question 3

(0)

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question 4

(0)

Which of the following is the MOST important factor of a successful information security program?

Question 5

(0)

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question 6

(0)

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question 7

(0)

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Question 8

(0)

Which of the following is an example of risk mitigation?

Question 9

(0)

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Question 10

(0)

The PRIMARY objective of a post-incident review of an information security incident is to:

Question 158 - CISM discussion

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Security risk assessment

Security operations program

Information security policy

Business impact analysis (BIA)

Suggested answer: C

Explanation:

An information security policy is the MOST helpful for aligning security operations with the IT governance framework because it defines the security objectives, principles, standards, and guidelines that guide the security operations activities and processes. An information security policy also establishes the roles and responsibilities, authorities and accountabilities, and reporting and communication mechanisms for security operations. An information security policy should be aligned with the IT governance framework, which provides the direction, structure, and oversight for the effective management and delivery of IT services and resources.An information security policy should also be consistent with the enterprise governance framework, which sets the vision, mission, values, and goals of the organization12. A security risk assessment (A) is helpful for identifying and evaluating the security risks that may affect the security operations and the IT governance framework, but it is not the MOST helpful for aligning them.A security risk assessment should be based on the information security policy, which defines the risk appetite, tolerance, and criteria for the organization12. A security operations program (B) is helpful for implementing and executing the security operations activities and processes that support the IT governance framework, but it is not the MOST helpful for aligning them.A security operations program should be derived from the information security policy, which provides the strategic direction and guidance for the security operations12. A business impact analysis (BIA) (D) is helpful for determining the criticality and priority of the business processes and functions that depend on the security operations and the IT governance framework, but it is not the MOST helpful for aligning them.A BIA should be conducted in accordance with the information security policy, which specifies the business continuity and disaster recovery requirements and objectives for the organization12.Reference=1: CISM Review Manual 15th Edition, page 75-76, 81-82, 88-89, 93-941;2: CISM Domain 1: Information Security Governance (ISG) [2022 update]2

Show Answer

asked 01/10/2024

Gabriel Ty

33 questions

Your answer: A B C D

0 comments

Sorted by