CISM PDFs clean
277 Questions

Questions and Answers

In the context of incident response testing, what could have been prevented by conducting regular incident response testing?

  • Network downtime due to hardware failure
  • Ignored alert messages (correct)
  • Unauthorized data access
  • Compromise of encryption keys

When reporting on open items from the risk register to senior management, what is MOST important to communicate with regard to these risks?

  • Compensating controls
  • Key risk indicators (KRIs)
  • Responsible entities
  • Potential business impact (correct)

What is the PRIMARY purpose for continuous monitoring of security controls?

  • Control gaps are minimized
  • Effectiveness of controls (correct)
  • System availability
  • Alignment with compliance requirements

    How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

    Answer: Assigning restoration priority during incidents

    Which of the following is the MOST effective course of action for the security manager to take regarding employees utilizing free cloud storage services for company data through their mobile devices?

    Answer: Assess the business need to provide a secure solution

    Which of the following is the MOST important consideration when determining which type of failover site to employ?

    Answer: Recovery time objectives (RTOs)

    Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

    Answer: Embedding compliance requirements within operational processes

    A balanced scorecard MOST effectively enables information security in which aspect?

    Answer: Governance

    Which of the following is the MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

    Answer: Security metrics

    Which of the following BEST demonstrates the added value of an information security program?

    Answer: A balanced scorecard

    An organization has identified a successful network attack in progress. What should the organization do FIRST?

    Answer: Isolate the affected network segment

    Which is the BEST way to identify the risk associated with a social engineering attack?

    Answer: Test user knowledge of information security practices

    Which of the following is the BEST way to evaluate results of the most recent incident response test?

    Answer: Ensure reported security metrics are reported

    A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. What is the MOST likely reason for this decision?

    Answer: The cost of implementing controls exceeds the potential financial losses

    Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

    Answer: Lessons learned analysis

    Which of the following is the MOST important consideration for providing ongoing assurance that legal and regulatory compliance requirements can be met?

    Answer: Embedding compliance requirements within operational processes

    What is the best metric to measure the effectiveness of an organization's information security program?

    Answer: Return on information security investment

    What is the primary responsibility of an information security manager in an organization implementing company-owned mobile devices?

    Answer: Review and update existing security policies

    What process best supports the evaluation of incident response effectiveness?

    Answer: Post-incident review

    What is the first step when creating an organization's disaster recovery plan (DRP)?

    Answer: Conducting a business impact analysis (BIA)

    What is the best option to lower the cost of implementing application security controls?

    Answer: Integrating security activities within the development process

    What should be mainly driving the information security manager's decision on the best controls to mitigate risk?

    Answer: Regulatory requirements

    What is most helpful for protecting an enterprise from advanced persistent threats (APTs)?

    Answer: Defined security standards

    What has the greatest influence on an organization's information security strategy?

    Answer: The organization's risk tolerance

    What should effective information security training be based on?

    Answer: Employees' roles

    What best determines the allocation of resources during a security incident response?

    Answer: Defined levels of severity

    What is important for an information security manager to do in order to overcome the perception that security is a hindrance to business activities?

    Answer: Promote the relevance and contribution of security

    What is the best way to define control requirements and develop a personal device policy after adopting a BYOD strategy?

    Answer: Conduct a risk assessment

    What is the greatest benefit of conducting an organization-wide security awareness program?

    Answer: Improvement of security behavior

    When is the most appropriate time to conduct a disaster recovery test?

    Answer: After major business processes have been redesigned

    What is the primary purpose of incident management?

    Answer: Handling control failure leading to a breach

    How can information security governance be best integrated into corporate governance?

    Answer: Through an information security steering committee with business representation

    Why is conducting interviews an important part of the business impact analysis (BIA) process?

    Answer: To ensure the stakeholders providing input own the related risk

    What is the potential concern for the information security manager regarding change management procedures?

    Answer: Development manager migrating programs into production

    What is the greatest inherent risk when performing a disaster recovery plan (DRP) test?

    Answer: Disruption to the production environment

    What should the information security manager do when a finance department director decides to outsource the organization's budget application?

    Answer: Determine the required security controls for the new solution

    How can the timely execution of an incident response plan be best enabled?

    Answer: By defining trigger events

    What is the initial prioritization of recovery of services contained in?

    Answer: Business Impact Analysis (BIA) document

    What is the best course of action for an information security manager to align security and business goals?

    Answer: Actively engaging with stakeholders

    What provides the greatest benefit of optimized allocation of recovery resources within an incident response plan?

    Answer: Including incident classification criteria

    Which of the following is the BEST measure to determine the maturity of an information security program?

    Answer: Security metrics

    In a business proposal, what is the MOST important consideration before relying on a vendor's certification for international security standards?

    Answer: Certification scope relevance to service offered

    Which security process will BEST prevent the exploitation of system vulnerabilities?

    Answer: Patch management

    What BEST supports information security management in the event of organizational changes in security personnel?

    Answer: Ensuring current documentation of security processes

    What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

    Answer: Review the effectiveness of controls

    Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

    Answer: Incomplete identification of threats

    What is the BEST justification for making a revision to a password policy?

    Answer: A risk assessment

    Which of the following is the BEST way for an information security manager to improve the effectiveness of an organization's information security program?

    Answer: Collaborate with business and IT functions in determining controls

    What is the term for the consideration of the acceptable level of risk an organization is willing to take?

    Answer: Risk appetite

    What is the primary purpose of incident management?

    Answer: To recover from security incidents

    What is the term for the ongoing process of assessing an organization's compliance with laws and regulations?

    Answer: Compliance monitoring

    What is the main focus of an organization-wide security awareness program?

    Answer: Raising awareness about security

    What is the primary responsibility of an information security manager in response to data classification concerns?

    Answer: Ensuring compliance with data classification policies

    What is the most important consideration for providing ongoing assurance that legal and regulatory compliance requirements can be met?

    Answer: Continuous compliance monitoring

    What is the term for the actions taken to minimize the impact of known vulnerabilities in cloud applications?

    Answer: Risk mitigation

    What is the primary purpose of multi-year planning in information security management?

    Answer: To forecast long-term security needs

    What is the term for the process of assigning financial value to organizational assets for risk management purposes?

    Answer: Asset valuation

    What is the term for the approach that involves implementing layers of security controls to protect against potential threats?

    Answer: Defense-in-depth

    What is the primary focus of advanced persistent threat monitoring?

    Answer: Identifying and mitigating persistent threats

    What is the term for the process of developing a high-level plan to achieve information security objectives over a specified time frame?

    Answer: Security strategy

    Who is responsible for determining the initial recovery time objective (RTO) in business impact analysis (BIA)?

    Answer: The business continuity coordinator

    What is the first step after the loss of a personal mobile device containing corporate information?

    Answer: Initiate incident response

    How can security be integrated during application development?

    Answer: Provide training on secure development practices to programmers

    What is the best way to ensure an organization's disaster recovery plan (DRP) can be carried out in an emergency?

    Answer: Require disaster recovery documentation be stored with all key decision makers

    How can staff members best understand their responsibilities for information security?

    Answer: Require staff to participate in information security awareness training

    What is the most helpful approach for properly scoping a security assessment of an existing vendor?

    Answer: Review controls listed in the vendor contract

    How can information security governance be best integrated into enterprise governance?

    Answer: Establish an information security steering committee

    What is the most important security consideration when granting remote access to confidential information to a vendor for analytic purposes?

    Answer: The vendor must agree to the organization's information security policy

    What should be the primary basis for determining the value of assets?

    Answer: The business cost when assets are not available

    How can the risk associated with a bring your own device (BYOD) program be best reduced?

    Answer: Implement a mobile device management (MDM) solution

    What is the first step to ensure the security policy framework encompasses a new business model?

    Answer: Perform a gap analysis when an organization purchases a new company

    What is the most important consideration when defining a recovery strategy in a business continuity plan (BCP)?

    Answer: The organizational tolerance to service interruption

    What is the primary objective of a business impact analysis (BIA)?

    Answer: Determining recovery priorities

    What is the most appropriate metric for evaluating the incident notification process?

    Answer: Elapsed time between detection, reporting, and response

    What provides the greatest value of a security information and event management (SIEM) system?

    Answer: Facilitating the monitoring of risk occurrences

    What is the best technical defense against unauthorized access to a corporate network through social engineering?

    Answer: Requiring multi-factor authentication

    What is the primary objective of performing a post-incident review?

    Answer: Identifying the root cause

    What provides the most useful information for planning purposes to achieve compliance with local regulatory requirements?

    Answer: Results from a gap analysis

    What is the best evidence of alignment between corporate and information security governance?

    Answer: Senior management sponsorship

    What should the chief information security officer (CISO) be most concerned with in a multinational organization facing different security requirements at each operating location?

    Answer: Developing a security program that meets global and regional requirements

    What is the most important factor for an organization's information security program to be effective?

    Answer: Senior management support

    What is most important to include in an information security status report for management?

    Answer: Key risk indicators (KRIs)

    What is the best course of action for an organization to lower the cost of implementing application security controls?

    Answer: Requiring multi-factor authentication

    What should be the primary concern for an organization's information security manager regarding change management procedures?

    Answer: Ensuring security is not a hindrance to business activities

    Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

    Answer: Demonstrating that targeted security controls tie to business objectives

    Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

    Answer: Unknown vulnerabilities

    Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

    Answer: Loss of customers due to unavailability of products

    Which of the following activities MUST be performed by an information security manager for change requests?

    Answer: Assess impact on information security risk

    What is the most effective way to prevent the introduction of vulnerabilities that may disrupt critical business applications?

    Answer: Regularly updating and patching software

    What is the primary objective of the information security incident response process?

    Answer: Minimize negative impact to critical operations

    What is the best security control for an organization permitting the storage and use of critical and sensitive information on employee-owned smartphones?

    Answer: Establishing the authority to remote wipe

    What is the main benefit of implementing a data loss prevention (DLP) solution?

    Answer: Preventing unauthorized disclosure of sensitive information

    What is the first step to gain approval for outsourcing to address a security gap?

    Answer: Perform a cost-benefit analysis

    What is the best approach to make strategic information security decisions?

    Answer: Establish an information security steering committee

    What is the most important factor when conducting a forensic investigation?

    Answer: Maintaining a chain of custody

    How can an organization best determine the comprehensiveness of its information security strategy?

    Answer: Through an internal security audit

    What is the first recommended step when learning of a new standard related to an emerging technology?

    Answer: Perform a risk assessment on the new technology

    What is the main focus when tuning an intrusion prevention system (IPS) to address concerns?

    Answer: Decreasing false positives

    What is the term for maintaining legally admissible evidence in an organization?

    Answer: Chain of custody

    What is the best course of action to address vulnerabilities that may disrupt critical business applications?

    Answer: Implementing a patch management process

    What is the primary benefit of maintaining an information security governance framework?

    Answer: Managing business risks to an acceptable level

    When is penetration testing most appropriate?

    Answer: When a new system is about to go live

    What is the first course of action when a retailer's information security manager discovers an HVAC vendor with remote access to stores?

    Answer: Review the vendor contract

    What is the best approach to reduce unnecessary duplication of compliance activities?

    Answer: Standardization of compliance requirements

    What is the most important measure of response efficiency for enterprise-wide security incidents?

    Answer: Mean time to resolution (MTTR)

    What should be the basis for developing a business case for information security investment?

    Answer: Losses due to security incidents

    What is the primary focus of post-incident review of an attack?

    Answer: Method of operation used by the attacker

    What is the primary consideration for prioritizing security efforts?

    Answer: Number of vulnerabilities identified for high-risk information assets

    What is the best approach to obtain support for a new organization-wide information security program?

    Answer: Delivering an information security awareness campaign

    What is the primary basis for deciding the level of protection for an information asset?

    Answer: Impact to the business function

    What is the primary purpose of regular reviews of the cybersecurity threat landscape?

    Answer: Comparing emerging trends with the existing organizational security posture

    What is the best metric for assessing the overall security posture across business units?

    Answer: Average number of security incidents

    Which of the following is the MOST important to consider when aligning a security awareness program with the organization's business strategy?

    Answer: People and culture

    An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

    Answer: Conduct a mobile device risk assessment

    An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

    Answer: The benefit is greater than the potential risk

    During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

    Answer: Eradication

    An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

    Answer: Security requirements for the process being outsourced

    Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

    Answer: Configuration management files

    Who is BEST suited to determine how the information in a database should be classified?

    Answer: Data owner

    Which of the following roles is BEST able to influence the security culture within an organization?

    Answer: Chief information security officer (CISO)

    Which of the following should include contact information for representatives of equipment and software vendors?

    Answer: Business continuity plan (BCP)

    Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

    Answer: Maturity assessment

    Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

    Answer: Management support

    What is the MOST important reason for having an information security manager serve on the change management committee?

    Answer: Advise on change-related risk

    Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

    Answer: Data owner

    Which of the following would provide the BEST evidence to senior management that security control performance has improved?

    Answer: Demonstrated return on security investment

    Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

    Answer: The business data owner

    What is the best course of action for an online company in the event of a network attack?

    Answer: Isolate the affected network segment

    Who is most appropriate to own the risk associated with the failure of privileged access control?

    Answer: The business owner

    What is the most important element in achieving executive commitment to an information security governance program?

    Answer: Identified business drivers

    To minimize the risk of data exposure from a stolen personal mobile device, what is the best course of action?

    Answer: Wipe the device remotely

    What is most helpful for aligning security operations with the IT governance framework?

    Answer: A security operations program

    What are Recovery Time Objectives (RTOs) an output of?

    Answer: Business Impact Analysis (BIA)

    What should the new information security manager demonstrate to obtain senior management support for an information security governance program?

    Answer: The program's value to the organization

    What is most important for an information security manager before conducting full-functional continuity testing?

    Answer: Verify that recovery teams and individuals have been identified

    What should the information security manager review to support the initiative of utilizing Software as a Service (SaaS)?

    Answer: Independent security assessment reports for each vendor

    What is the primary objective of performing a post-incident review?

    Answer: Identify the root cause of incidents

    What should information security activities address during the initiation phase of the system development life cycle (SDLC) for a software project?

    Answer: Baseline security controls

    What is the best tool to monitor the effectiveness of information security governance?

    Answer: The Balanced Scorecard

    What is the primary objective of a post-incident review of an information security incident?

    Answer: To identify the root cause and prevent recurrence

    What is the most important factor in increasing the effectiveness of incident responders?

    Answer: Testing response scenarios

    What is the best approach to ensuring a new application complies with information security policy?

    Answer: Performing a vulnerability analysis before implementation

    What should be the first step when a forensic examination of a switched-off PC is required?

    Answer: Perform a bit-by-bit backup of the hard disk using a write-blocking device

    What is the best course of action for an organization receiving complaints about encrypted files and ransom demands?

    Answer: Isolating affected systems

    What is the primary objective of a business impact analysis (BIA) when implementing a security program?

    Answer: Identifying critical business processes and their dependencies

    What is the most important information for influencing management's support of information security?

    Answer: Demonstrating alignment with the business strategy

    What should an incident response plan include criteria for?

    Answer: Escalation

    What is the first step to ensure a new security policy complies with legal and regulatory requirements?

    Answer: Performing a risk analysis

    What is the primary objective of a vulnerability assessment process?

    Answer: Enhancing threat management

    What is the first step when implementing a security program?

    Answer: Performing a risk analysis

    What is the primary benefit of effective testing of business continuity and disaster recovery plans?

    Answer: Meeting business needs within the stated recovery time objectives (RTOs)

    What is the best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

    Answer: Parallel test

    What is the best approach for managing user access permissions to ensure alignment with data classification?

    Answer: Review access permissions annually

    What is the primary reason for granting a security exception?

    Answer: That the risk is justified by the benefit to the business

    What is the best indication that information security governance and corporate governance are integrated?

    Answer: When the information security steering committee is composed of business leaders

    What is the best approach for creating an inventory of systems where personal data is stored?

    Answer: Start with the most recent systems and work backward

    What is the primary reason to monitor key risk indicators (KRIs) related to information security?

    Answer: To benchmark control performance

    What is the best approach for ensuring that an information security training program is effective?

    Answer: Base the contents on employees' roles

    What is the best way to label information to enhance the likelihood of people handling it securely?

    Answer: According to its security classification

    What is the best method for management decisions concerning information security investments to be most effective?

    Answer: Based on periodic risk assessments

    What is the best method to evaluate the legal issues associated with a transborder flow of technology-related items?

    Answer: Focusing on encryption tools and personal data

    What is the best method to ensure that an information security management summary is well-received by different audiences?

    Answer: Tailoring the information to each audience's needs and requirements

    What is the best approach for determining the needs of an information security steering committee?

    <p>Based on the requirements of business leaders</p> Signup and view all the answers

    What is the primary purpose of a risk register in an organization?

    <p>To provide the most comprehensive insight into ongoing threats</p> Signup and view all the answers

    What is the best way to ensure the capability to restore clean data after a ransomware attack?

    <p>Maintain multiple offline backups</p> Signup and view all the answers

    What is the primary contribution of recovery point objective (RPO) to disaster recovery?

    <p>To define backup strategy</p> Signup and view all the answers

    What is the best indication of a successful information security culture?

    <p>End users knowing how to identify and report incidents</p> Signup and view all the answers

    What is the first course of action for an information security manager when a newly introduced privacy regulation affects the business?

    <p>Identify and assess the risk in the context of business objectives</p> Signup and view all the answers

    What is the best way to effectively manage emerging cyber risk?

    <p>Cybersecurity policies</p> Signup and view all the answers

    When notified of a new vulnerability affecting key data processing systems, what is the first step?

    <p>Re-evaluate the risk</p> Signup and view all the answers

    What is the risk treatment option applied to limit risk exposure to the business when a legacy application cannot be patched?

    <p>Mitigate</p> Signup and view all the answers

    What is the most useful purpose of key performance indicators (KPIs) in information security?

    <p>To help senior management understand the status of information security compliance</p> Signup and view all the answers

    What is the best way to ensure procurement decisions consider information security concerns?

    <p>Integrate information security risk assessments into the procurement process</p> Signup and view all the answers

    What is essential when developing a categorization method for security incidents?

    <p>Agreed-upon definitions for the categories</p> Signup and view all the answers

    What is essential for effective communication of program's effectiveness to stakeholders?

    <p>Establishing metrics for each milestone</p> Signup and view all the answers

    When designing a disaster recovery plan (DRP), what MUST be available in order to prioritize system restoration?

    <p>Business impact analysis (BIA) results</p> Signup and view all the answers

    Which of the following BEST describes a buffer overflow?

    <p>A function is carried out with more data than the function can handle</p> Signup and view all the answers

    An organization is acquiring a new company. What would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

    <p>Perform a risk assessment</p> Signup and view all the answers

    When developing an asset classification program, which step should be completed FIRST?

    <p>Create an inventory</p> Signup and view all the answers

    What is the primary purpose of creating security policies?

    <p>To communicate management's security expectations</p> Signup and view all the answers

    What is the best step to address a lost smartphone containing sensitive information?

    <p>Remotely wipe the device</p> Signup and view all the answers

    What is the primary advantage of performing black-box control tests as opposed to white-box control tests?

    <p>They simulate real-world attacks</p> Signup and view all the answers

    What is the best method to protect against emerging advanced persistent threat (APT) actors?

    <p>Implementing proactive systems monitoring</p> Signup and view all the answers

    What is the primary advantage of aligning an organization's incident response capability with a public cloud service provider?

    <p>Enhanced scalability and flexibility</p> Signup and view all the answers

    What is the primary purpose of invoking a business continuity plan during a disaster?

    <p>To remain operational during the disaster</p> Signup and view all the answers

    What is the best approach for governing noncompliance with security requirements?

    <p>Requiring the steering committee to review exception requests</p>

    What is the primary contribution of senior management support to controls assessment?

    <p>Increased accuracy of controls assessment</p>

    What is the greatest influence on the successful adoption of an information security governance program?

    <p>Organizational culture</p>

    What should an information security manager's first course of action be when unknown malware has infected an organization's critical system?

    <p>Trigger the incident response plan</p>

    How can an organization's quality process best support security management?

    <p>By providing assurance that security requirements are met</p>

    What should an information security manager do to ensure an accurate evaluation of incident response effectiveness?

    <p>Ensure senior management support for the evaluation</p>

    What is the primary challenge for information security managers when deploying a BYOD program?

    <p>Inconsistent device security</p>

    What is the most important requirement when collecting admissible evidence?

    <p>Chain of custody</p>

    What continues to spread during the incident response phase of containment after a successful attack?

    <p>Malware</p>

    What does the principle of least privilege primarily require the identification of?

    <p>Job duties</p>

    What is the best approach when creating a security policy for a global organization?

    <p>Establish baseline standards for all locations and add supplemental standards as required</p>

    What is the best response for a financial company executive concerned about cyberattacks?

    <p>Revalidate and mitigate risks to an acceptable level</p>

    What is the best indication of effective information security governance?

    <p>Integration into corporate governance</p>

    What is the best way to enable staff acceptance of information security policies?

    <p>Strong senior management support</p>

    What is the best facilitator of effective incident response testing?

    <p>Simulating realistic test scenarios</p>

    What is a viable containment strategy for a DDoS attack?

    <p>Redirect the attacker's traffic</p>

    In a business case when the ROI for an information security initiative is difficult to calculate, what is best to include?

    <p>Estimated reduction in risk</p>

    To ensure appropriate security controls are built into software, what is best to provide during development activities?

    <p>Standards for implementation</p>

    Who assumes the most security responsibility in the Infrastructure as a Service (IaaS) cloud model?

    <p>Cloud service buyer</p>

    What is the primary risk owner for information security?

    <p>Business senior management</p>

    What should be the primary objective of an information security governance framework?

    <p>Optimize the security profile of the organization</p>

    What is the first consideration when deciding to move to a cloud-based model?

    <p>Data classification</p>

    What greatly reduces security administration efforts?

    <p>Role-based access control</p>

    What should the information security manager determine if IT personnel are not adhering to the information security policy due to process inefficiencies?

    <p>Risk related to noncompliance with the policy</p>

    What should be the first step when developing a business case for a new intrusion detection system (IDS) solution?

    <p>Define the issues to be addressed</p>

    What primarily helps in developing effective escalation and response procedures in an incident response plan?

    <p>Clear definition of a security incident</p>

    What is the best method to ensure compliance with password standards?

    <p>Automated enforcement of password syntax rules</p>

    What is the primary focus of the information security manager if a risk owner has accepted a large amount of risk due to the high cost of controls?

    <p>Establishing ongoing risk monitoring process</p>

    What is the greatest challenge to a security operations center's awareness of potential security breaches?

    <p>Unsynchronized IT system clocks</p>

    What is the basis for developing an effective information security program that supports the organization's business goals?

    <p>Information security strategy</p>

    What is the primary responsibility of the data owner within an organization?

    <p>Being primarily accountable for associated tasks</p>

    What is the most important requirement for a successful security program, according to management decision?

    <p>Management decision on asset value</p>

    What primarily determines the level of protection required for assets within an organization?

    <p>Asset classification</p>

    What is most important for the effective implementation of an information security governance program?

    <p>Effective communication of program goals</p>

    What has the most influence on the inherent risk of an information asset?

    <p>Business criticality</p>

    What is the most effective way for a hospital to avoid paying ransom in the event of a critical server being encrypted by ransomware?

    <p>Restoring the OS, patches, and application from a backup</p>

    What is most important when developing escalation procedures for an incident response plan?

    <p>Ensuring the contact list is regularly updated</p>

    What should an information security manager primarily verify when selecting a third-party forensics provider?

    <p>Technical capabilities of the provider</p>

    What should be the information security manager's response when an employee triggers a ransomware attack by clicking on a phishing email link?

    <p>Isolating the impacted endpoints</p>

    What represents the best practice for ensuring the integrity of a recovered system after an intrusion has been detected and contained?

    <p>Restoring the OS, patches, and application from a backup</p>

    What is an example of risk mitigation, as indicated in the exam question summary?

    <p>Improving security controls</p>

    What would be the information security manager's primary focus when developing escalation procedures for an incident response plan?

    <p>Regularly updating contact lists</p>

    What is the fundamental purpose of establishing security metrics?

    <p>Provide feedback on control effectiveness</p>

    What should be the PRIMARY focus of the information security manager when an organization decides to outsource IT operations?

    <p>Security requirements are included in the vendor contract</p>

    Who should be responsible for determining access levels to an application that processes client information?

    <p>Business unit management</p>

    What would be of GREATEST concern to an information security manager when data entry functions for a web-based application are outsourced to a third-party service provider?

    <p>The application is configured with restrictive access controls</p>

    What is the most effective way to reduce the risk of targeted email attacks?

    <p>Implementing a security awareness training program for employees</p>

    What is the most useful source when planning a business-aligned information security program?

    <p>Business impact analysis</p>

    What is the first step an information security manager should take to comply with new incident response requirements?

    <p>Conduct a gap analysis</p>

    In an Infrastructure as a Service (IaaS) model, what capability will best enable recovery from a security incident?

    <p>The capability to take a snapshot of virtual machines</p>

    What can be used to prevent successful Internet protocol (IP) spoofing?

    <p>Reverse lookups</p>

    What presents the greatest challenge to the recovery of critical systems and data following a ransomware incident?

    <p>Unavailable or corrupt data backups</p>

    What should the information security manager prioritize during an information security post-incident review?

    <p>Evaluating incident response effectiveness</p>

    What is the most effective way to prevent unauthorized firewall rule changes by IT employees?

    <p>Implementing strict access controls and monitoring</p>

    What is the most likely requirement after a merger with another organization in terms of the information security program?

    <p>Revision to information security program</p>

    What best enables the integration of information security governance into corporate governance?

    <p>An information security steering committee with business representation</p>

    What is the most effective way to ensure that information security governance aligns with corporate governance?

    <p>Establishing a cross-functional governance committee</p>

    What is the primary responsibility of the information security manager when evaluating third-party forensics providers?

    <p>Verify the provider's experience and expertise</p>

    What is the primary benefit of an information security awareness training program?

    <p>Influencing human behavior</p>

    What is the first course of action for a CISO after learning about a third-party service provider's data breach?

    <p>Determine the extent of the impact to the organization</p>

    What is the most important detail to capture in an organization's risk register?

    <p>Risk ownership</p>

    What is the best course of action if the business activity residual risk is lower than the acceptable risk level?

    <p>Monitor the effectiveness of controls</p>

    What is most important to include in monthly information security reports to the board?

    <p>Trend analysis of security metrics</p>

    What is most important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

    <p>Detailed incident notification process</p>

    What is the primary advantage of single sign-on (SSO)?

    <p>Increased efficiency of access management</p>

    What is the most critical factor for information security program success?

    <p>Information security manager's knowledge of the business</p>

    What is the best course of action to prevent further damage after a compromised endpoint device is isolated?

    <p>Conduct a forensic analysis</p>

    What is the best enabler for an organization to transform its culture to support information security?

    <p>Strong management support</p>

    What is the best approach for ensuring information security governance is aligned with corporate governance?

    <p>Integration of security reporting into corporate reporting</p>

    What is the most effective message to obtain senior management's commitment to information security management?

    <p>Security supports and protects the business</p>

    What is the initial step for an information security manager after acquiring a company in a foreign country?

    <p>Conduct a comprehensive security assessment of the acquired company's systems and networks</p>

    What is the most beneficial type of exercise for an incident response team at its first drill?

    <p>Tabletop exercise simulating a security incident scenario</p>

    What represents the recovery point objective (RPO) requirement?

    <p>The maximum tolerable amount of data loss after a disruption</p>

    What is the primary objective of the information security incident response process?

    <p>To minimize the impact of security incidents on the organization</p>

    What is the most important element in achieving executive commitment to an information security governance program?

    <p>Demonstrating the alignment of the program with business objectives</p>

    What is the primary responsibility of an information security manager in responding to a hacked IoT device in an organization's network?

    <p>Isolate the compromised IoT device to prevent further damage</p>

    What are the tasks to be performed once a disaster recovery plan (DRP) has been developed?

    <p>Regular testing and updating of the DRP</p>

    What is the best indication of effective information security governance?

    <p>Consistent alignment of security measures with business objectives</p>

    What is the primary purpose of invoking a business continuity plan during a disaster?

    <p>To ensure the continuity of critical business operations</p>

    What is the best way to ensure procurement decisions consider information security concerns?

    <p>Incorporate security requirements into the procurement process</p>

    What is the primary focus when developing escalation procedures for an incident response plan?

    <p>Establishing criteria for escalating incidents</p>

    What is the best indication of a successful information security culture?

    <p>High employee compliance with security policies</p>

    What is the primary purpose of invoking a business continuity plan during a disaster?

    <p>To resume critical business operations</p>

    What is the most important factor of a successful information security program?

    <p>Comprehensive risk management focus</p>

    When a mandatory security standard hinders the achievement of an identified business objective, what should an information security manager do?

    <p>Escalate the issue to senior management</p>

    What is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

    <p>Validate the current firewall rule set</p>

    What is the primary contribution of recovery point objective (RPO) to disaster recovery?

    <p>Minimizing data loss</p>

    What is the best approach to make strategic information security decisions?

    <p>Align decisions with business objectives</p>

    What is the first course of action for an information security manager when employees violate a no-camera policy?

    <p>Conduct a risk assessment</p>

    What is the best indication of effective information security governance?

    <p>Clear alignment with business objectives</p>

    When independent penetration test results reveal a high-rated vulnerability in a cloud-based application, what is the best way to proceed?

    <p>Postpone the implementation until the vulnerability is fixed</p>

    What is the best indication of a successful information security program?

    <p>Focused on risk management</p>

    Study Notes

    Information Security Management Questions and Answers

    • Conducting interviews as part of the business impact analysis (BIA) process is important to ensure the stakeholders providing input own the related risk.
    • The timely execution of an incident response plan can be best enabled by defining trigger events.
    • Change management procedures that are likely to cause concern to the information security manager include the development manager migrating programs into production.
    • The greatest benefit of conducting an organization-wide security awareness program is the improvement of security behavior.
    • The initial prioritization of recovery of services should be contained in the Business Impact Analysis (BIA) document.
    • The greatest inherent risk when performing a disaster recovery plan (DRP) test is disruption to the production environment.
    • Incident management is designed to handle a control failure that leads to a breach.
    • When a finance department director decides to outsource the organization's budget application, the information security manager should first determine the required security controls for the new solution.
    • The best way to integrate information security governance into corporate governance is through an information security steering committee with business representation.
    • Actively engaging with stakeholders is the best course of action for an information security manager to align security and business goals.
    • The most appropriate time to conduct a disaster recovery test would be after major business processes have been redesigned.
    • Including incident classification criteria within an incident response plan provides the greatest benefit of optimized allocation of recovery resources.

    Information Security Management and Incident Response

    • Effective execution of an incident response plan is best facilitated by ensuring the response team is trained on the plan.
    • In a post-incident review, determining the underlying reason for user error is most important.
    • The primary objective of a business impact analysis (BIA) is to determine recovery priorities.
    • Key risk indicators (KRIs) are the most important to include in an information security status report for management.
    • Senior management support is the most important factor for an organization's information security program to be effective.
    • Elapsed time between detection, reporting, and response is the most appropriate metric for evaluating the incident notification process.
    • The greatest value provided by a security information and event management (SIEM) system is facilitating the monitoring of risk occurrences.
    • Requiring multi-factor authentication is the best technical defense against unauthorized access to a corporate network through social engineering.
    • The primary objective of performing a post-incident review is to identify the root cause.
    • Results from a gap analysis provide the most useful information for planning purposes to achieve compliance with local regulatory requirements.
    • Senior management sponsorship is the best evidence of alignment between corporate and information security governance.
    • The chief information security officer (CISO) should be most concerned with developing a security program that meets global and regional requirements in a multinational organization facing different security requirements at each operating location.

    Information Security Management Summary

    • The average return on investment (ROI) for security initiatives is a key metric for information security management.
    • The average number of security incidents across business units helps in assessing the overall security posture.
    • Mean time to resolution (MTTR) for enterprise-wide security incidents is an important measure of response efficiency.
    • The number of vulnerabilities identified for high-risk information assets is crucial for prioritizing security efforts.
    • When a retailer's information security manager discovers an HVAC vendor with remote access to stores, the first course of action should be to review the vendor contract.
    • Developing a business case for information security investment should be based on losses due to security incidents, enabling informed decisions by senior management.
    • The primary benefit of maintaining an information security governance framework is managing business risks to an acceptable level.
    • Post-incident review of an attack is most useful when focusing on the method of operation used by the attacker.
    • Penetration testing is most appropriate when a new system is about to go live.
    • Regular reviews of the cybersecurity threat landscape are primarily aimed at comparing emerging trends with the existing organizational security posture.
    • The best approach to reduce unnecessary duplication of compliance activities is the standardization of compliance requirements.
    • Obtaining support for a new organization-wide information security program is best achieved through delivering an information security awareness campaign.
    • The level of protection for an information asset should primarily be decided based on its impact to the business function.

    Information Security Management Summary

    • Labeling information according to its security classification enhances the likelihood of people handling information securely.
    • Management decisions concerning information security investments are most effective when they are based on consistent and periodic risk assessments.
    • When developing materials to update the board, regulatory agencies, and the media about a security incident, the information security manager should determine the needs and requirements of each audience first.
    • The best indication that information security governance and corporate governance are integrated is when the information security steering committee is composed of business leaders.
    • The best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required is through a parallel test.
    • Legal issues associated with a transborder flow of technology-related items are most often related to encryption tools and personal data.
    • The best approach for managing user access permissions to ensure alignment with data classification is to review access permissions annually or whenever job responsibilities change.
    • The primary reason to monitor key risk indicators (KRIs) related to information security is to benchmark control performance.
    • When establishing a new data protection program that must comply with applicable data privacy regulations, the first step is to create an inventory of systems where personal data is stored.
    • To ensure that an information security training program is most effective, its contents should be based on employees' roles.
    • The primary reason for granting a security exception is that the risk is justified by the benefit to the business.
    • Recovery time objectives (RTOs) are best determined by business continuity officers.

    Information Security Management Summary

    • Effective communication of a program's effectiveness to stakeholders requires establishing metrics for each milestone.
    • To ensure procurement decisions consider information security concerns, integrate information security risk assessments into the procurement process.
    • The most comprehensive insight into ongoing threats facing an organization is provided by a risk register.
    • When developing a categorization method for security incidents, the categories must have agreed-upon definitions.
    • Key performance indicators (KPIs) are most useful to help senior management understand the status of information security compliance.
    • The contribution of recovery point objective (RPO) to disaster recovery is to define backup strategy.
    • The best way to effectively manage emerging cyber risk is cybersecurity policies.
    • The risk treatment option applied to limit risk exposure to the business when a legacy application cannot be patched is to mitigate.
    • When notified of a new vulnerability affecting key data processing systems, the first step is to re-evaluate the risk.
    • The best way to ensure the capability to restore clean data after a ransomware attack is to maintain multiple offline backups.
    • The best indication of a successful information security culture is if end users know how to identify and report incidents.
    • The first course of action for an information security manager when a newly introduced privacy regulation affects the business is to identify and assess the risk in the context of business objectives.

    Information Security Management Summary

    • The primary risk owner for information security is the business senior management.
    • In Infrastructure as a Service (IaaS) cloud model, the cloud service buyer assumes the most security responsibility.
    • The primary objective of an information security governance framework should be to provide a baseline for optimizing the security profile of the organization.
    • Establishing a clear definition of a security incident in an incident response plan primarily helps in developing effective escalation and response procedures.
    • The first consideration when deciding to move to a cloud-based model should be data classification.
    • The first step when developing a business case for a new intrusion detection system (IDS) solution is to define the issues to be addressed.
    • If IT personnel are not adhering to the information security policy due to process inefficiencies, the information security manager should determine the risk related to noncompliance with the policy as the first step.
    • Role-based access control greatly reduces security administration efforts.
    • In a situation where a risk owner has accepted a large amount of risk due to the high cost of controls, the information security manager's primary focus should be on establishing a strong ongoing risk monitoring process.
    • The greatest challenge to a security operations center's awareness of potential security breaches is when IT system clocks are not synchronized with the centralized logging server.
    • The basis for developing an effective information security program that supports the organization's business goals should include an information security strategy.
    • The best method to ensure compliance with password standards is automated enforcement of password syntax rules.

    Information Security Manager Exam Questions Summary

    • The data owner is primarily accountable for associated tasks within an organization, according to exam question 266.
    • Management decision on asset value is the most important requirement for a successful security program, as per exam question 267.
    • Determining the current and desired state of controls is the best way to achieve compliance with new global regulations related to the protection of personal information, according to exam question 268.
    • Asset classification primarily determines the level of protection required for assets, according to exam question 269.
    • Communicating and ensuring understanding of program goals within the organization is most important for the effective implementation of an information security governance program, as per exam question 270.
    • Business criticality has the most influence on the inherent risk of an information asset, as per exam question 271.
    • A properly tested offline backup system would most effectively allow a hospital to avoid paying ransom in the event of a critical server being encrypted by ransomware, according to exam question 272.
    • Ensuring the contact list is regularly updated is most important when developing escalation procedures for an incident response plan, as per exam question 273.
    • When selecting a third-party forensics provider, an information security manager should primarily verify the technical capabilities of the provider, according to exam question 274.
    • Isolating the impacted endpoints should be the information security manager's response when an employee triggers a ransomware attack by clicking on a phishing email link, according to exam question 275.
    • Restoring the OS, patches, and application from a backup represents the best practice for ensuring the integrity of a recovered system after an intrusion has been detected and contained, as per exam question 276.
    • Improving security controls is an example of risk mitigation, as indicated in exam question 277.

    Information Security Management Practice Questions Summary

    • Answering questions on incident reflection in user security awareness training program
    • Responding to a hacked IoT device in an organization's network
    • Aligning information security program requirements with employment and staffing processes
    • Initial step for an information security manager after acquiring a company in a foreign country
    • Utilizing a balanced scorecard for effective information security governance
    • Tasks to be performed once a disaster recovery plan (DRP) has been developed
    • Supporting effective communication during information security incidents
    • Beneficial type of exercise for an incident response team at the first drill
    • Criteria for deciding whether to accept residual risk
    • Recovery point objective (RPO) requirement
    • Ensuring incident response teams are properly prepared
    • Enabling the assignment of risk and control ownership
    • Implementing network isolation techniques after a security breach

    Information Security Management Summary

    • Business Continuity Plan (BCP) triggers are defined by the Disaster Recovery Plan (DRP).
    • Senior management support is the most important consideration when establishing information security policies for an organization.
    • The first course of action for an information security manager when employees violate a no-camera policy is to conduct a risk assessment.
    • To address concerns about conflicting access rights during an acquisition, the information security manager should perform a risk assessment of the access rights.
    • The best time to update a security incident response plan is during the post-incident review.
    • When independent penetration test results reveal a high-rated vulnerability in a cloud-based application, the best way to proceed is to postpone the implementation until the vulnerability is fixed.
    • Information security governance is most important for ensuring that an organization's cybersecurity program meets the needs of the business.
    • The best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense is to validate the current firewall rule set.
    • The most important factor of a successful information security program is that it is focused on risk management.
    • A desired outcome of information security governance is improved risk management.
    • When an organization quickly shifts to a work-from-home model with an increased need for remote access security, the immediate focus should be on strengthening endpoint security.
    • When a mandatory security standard hinders the achievement of an identified business objective, an information security manager should escalate to senior management.

    Description

    Test your knowledge of information security management with this quiz. From incident response plans to disaster recovery testing, these questions cover various aspects of ensuring the security and resilience of organizational information systems. Perfect for anyone involved in information security governance or management.
