ExamGecko
Search Search Login
Home Home / Isaca / CISM
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?
Which of the following BEST demonstrates that an anti-phishing campaign is effective?
Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?
When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?
Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?
Which of the following roles is BEST suited to validate user access requirements during an annual user access review?
Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?
The PRIMARY goal of a post-incident review should be to:

Question 184 - CISM discussion

Report
Export

Which of the following is the BEST indication of effective information security governance?

A.
Information security is considered the responsibility of the entire information security team.
Answers
A.
Information security is considered the responsibility of the entire information security team.
B.
Information security controls are assigned to risk owners.
Answers
B.
Information security controls are assigned to risk owners.
C.
Information security is integrated into corporate governance.
Answers
C.
Information security is integrated into corporate governance.
D.
Information security governance is based on an external security framework.
Answers
D.
Information security governance is based on an external security framework.
Suggested answer: C

Explanation:

Information security governance (ISG) is the process of establishing and maintaining a framework to provide assurance that information security strategies are aligned with and support business objectives, are consistent with applicable laws and regulations through adherence to policies and internal controls, and provide assignment of responsibility, all in an effort to manage risk1.Effective ISG ensures that information security is integrated into corporate governance and is considered an essential component of enterprise governance2.Information security is not just the responsibility of the information security team, but of all stakeholders in the organization3.Information security controls are not assigned to risk owners, but to control owners who are accountable for implementing and maintaining the controls4.Information security governance is not based on an external security framework, but on the organization's own objectives, risk appetite, and compliance requirements.Reference=1: CISM Review Manual (Digital Version), page 32: CISM Review Manual (Digital Version), page 43: CISM Review Manual (Digital Version), page 54: CISM Review Manual (Digital Version), page 14 : CISM Review Manual (Digital Version), page 16

Show Answer
asked 01/10/2024
Michael Love
27 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms