Home

Home / Isaca / CISM

Question list

List of questions

Question 1

(0)

An organization finds it necessary to quickly shift to a work-fromhome model with an increased need for remote access security. Which of the following should be given immediate focus?

Question 2

(0)

Which of the following is MOST important to ensuring information stored by an organization is protected appropriately?

Question 3

(0)

Which of the following BEST enables an information security manager to determine the comprehensiveness of an organization's information security strategy?

Question 4

(0)

Which of the following is the MOST important factor of a successful information security program?

Question 5

(0)

Which of the following is the BEST approach when creating a security policy for a global organization subject to varying laws and regulations?

Question 6

(0)

Which of the following presents the GREATEST challenge to the recovery of critical systems and data following a ransomware incident?

Question 7

(0)

Which of the following change management procedures is MOST likely to cause concern to the information security manager?

Question 8

(0)

Which of the following is an example of risk mitigation?

Question 9

(0)

Which of the following is MOST important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Question 10

(0)

The PRIMARY objective of a post-incident review of an information security incident is to:

Open VPLUS File

Convert VPLUS to PDF

Related questions

Which of the following BEST facilitates the effective execution of an incident response plan?

Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Which of the following is the BEST approach to incident response for an organization migrating to a cloud-based solution?

When remote access to confidential information is granted to a vendor for analytic purposes, which of the following is the MOST important security consideration?

What should an information security manager verify FIRST when reviewing an information asset management program?

Which of the following should an information security manager do FIRST upon learning that a competitor has experienced a ransomware attack?

Several months after the installation of a new firewall with intrusion prevention features to block malicious activity, a breach was discovered that came in through the firewall shortly after installation. This breach could have been detected earlier by implementing firewall:

Which of the following roles is BEST suited to validate user access requirements during an annual user access review?

Question 299 - CISM discussion

Report

Labeling information according to its security classification:

A.

enhances the likelihood of people handling information securely.

B.

reduces the number and type of countermeasures required.

C.

reduces the need to identify baseline controls for each classification.

D.

affects the consequences if information is handled insecurely.

Suggested answer: A

Explanation:

Labeling information according to its security classification enhances the likelihood of people handling information securely. Security classification is a process of categoriz-ing information based on its level of sensitivity and importance, and applying appropri-ate security controls based on the level of risk associated with that infor-mation1. Labeling is a process of marking the information with the appropriate classifi-cation level, such as public, internal, confidential, secret, or top secret2. The purpose of labeling is to inform the users of the information about its value and protection re-quirements, and to guide them on how to handle it securely. Labeling can help users to:

* Identify the information they are dealing with and its classification level

* Understand their roles and responsibilities regarding the information

* Follow the security policies and procedures for the information

* Avoid unauthorized access, disclosure, modification, or destruction of the information

* Report any security incidents or breaches involving the information

Labeling can also help organizations to:

* Track and monitor the information and its usage

* Enforce access controls and encryption for the information

* Audit and review the compliance with security standards and regulations for the infor-mation

* Educate and train employees and stakeholders on information security awareness and best practices

Therefore, labeling information according to its security classification enhances the likelihood of people handling information securely, as it increases their awareness and accountability, and supports the implementation of security measures. The other op-tions are not the primary benefits of labeling information according to its security clas-sification. Reducing the number and type of countermeasures required is not a benefit, but rather a consequence of applying security controls based on the classification lev-el. Reducing the need to identify baseline controls for each classification is not a bene-fit, but rather a prerequisite for labeling information according to its security classifica-tion. Affecting the consequences if information is handled insecurely is not a benefit, but rather a risk that needs to be managed by implementing appropriate security con-trols and incident response procedures.

Reference: 1: Information Classification - Ad-visera 2: Information Classification in Information Security - GeeksforGeeks : Infor-mation Security Policy - NIST : Information Security Classification Framework - Queensland Government

Show Answer

asked 01/10/2024

mariam alsallal

40 questions

User

Your answer: A B C D

0 comments

Sorted by

Leave a comment first