CISM PDFs clean

Questions and Answers

In the context of incident response testing, what could have been prevented by conducting regular incident response testing?

Network downtime due to hardware failure

Ignored alert messages (correct)

Unauthorized data access

Compromise of encryption keys

When reporting on open items from the risk register to senior management, what is MOST important to communicate with regard to these risks?

Compensating controls

Key risk indicators (KRIs)

Responsible entities

Potential business impact (correct)

What is the PRIMARY purpose for continuous monitoring of security controls?

Control gaps are minimized

Effectiveness of controls (correct)

System availability

Alignment with compliance requirements

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Assigning restoration priority during incidents

Which of the following is the MOST effective course of action for the security manager to take regarding employees utilizing free cloud storage services for company data through their mobile devices?

Assess the business need to provide a secure solution

Which of the following is the MOST important consideration when determining which type of failover site to employ?

Recovery time objectives (RTOs)

Which of the following BEST enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Embedding compliance requirements within operational processes

A balanced scorecard MOST effectively enables information security in which aspect?

Governance

Which of the following is the MOST important to include in a report to key stakeholders regarding the effectiveness of an information security program?

Security metrics

Which of the following BEST demonstrates the added value of an information security program?

A balanced scorecard

An organization has identified a successful network attack in progress. What should the organization do FIRST?

Isolate the affected network segment

Which is the BEST way to identify the risk associated with a social engineering attack?

Test user knowledge of information security practices

Which of the following is the BEST way to evaluate results of the most recent incident response test?

Ensure reported security metrics are reported

A risk assessment exercise has identified the threat of a denial of service (DoS) attack. Executive management has decided to take no further action related to this risk. What is the MOST likely reason for this decision?

The cost of implementing controls exceeds the potential financial losses

Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?

Lessons learned analysis

Which of the following is the MOST important consideration for providing ongoing assurance that legal and regulatory compliance requirements can be met?

Embedding compliance requirements within operational processes

What is the best metric to measure the effectiveness of an organization's information security program?

Return on information security investment

What is the primary responsibility of an information security manager in an organization implementing company-owned mobile devices?

Review and update existing security policies

What process best supports the evaluation of incident response effectiveness?

Post-incident review

What is the first step when creating an organization's disaster recovery plan (DRP)?

Conducting a business impact analysis (BIA)

What is the best option to lower the cost of implementing application security controls?

Integrating security activities within the development process

What should be mainly driving the information security manager's decision on the best controls to mitigate risk?

Regulatory requirements

What is most helpful for protecting an enterprise from advanced persistent threats (APTs)?

Defined security standards

What has the greatest influence on an organization's information security strategy?

The organization's risk tolerance

What should effective information security training be based on?

Employees' roles

What best determines the allocation of resources during a security incident response?

Defined levels of severity

What is important for an information security manager to do in order to overcome the perception that security is a hindrance to business activities?

Promote the relevance and contribution of security

What is the best way to define control requirements and develop a personal device policy after adopting a BYOD strategy?

Conduct a risk assessment

What is the greatest benefit of conducting an organization-wide security awareness program?

Improvement of security behavior

When is the most appropriate time to conduct a disaster recovery test?

After major business processes have been redesigned

What is the primary purpose of incident management?

Handling control failure leading to a breach

How can information security governance be best integrated into corporate governance?

Through an information security steering committee with business representation

Why is conducting interviews an important part of the business impact analysis (BIA) process?

To ensure the stakeholders providing input own the related risk

What is the potential concern for the information security manager regarding change management procedures?

Development manager migrating programs into production

What is the greatest inherent risk when performing a disaster recovery plan (DRP) test?

Disruption to the production environment

What should the information security manager do when a finance department director decides to outsource the organization's budget application?

Determine the required security controls for the new solution

How can the timely execution of an incident response plan be best enabled?

By defining trigger events

What is the initial prioritization of recovery of services contained in?

Business Impact Analysis (BIA) document

What is the best course of action for an information security manager to align security and business goals?

Actively engaging with stakeholders

What provides the greatest benefit of optimized allocation of recovery resources within an incident response plan?

Including incident classification criteria

Which of the following is the BEST measure to determine the maturity of an information security program?

Security metrics

In a business proposal, what is the MOST important consideration before relying on a vendor's certification for international security standards?

Certification scope relevance to service offered

Which security process will BEST prevent the exploitation of system vulnerabilities?

Patch management

What BEST supports information security management in the event of organizational changes in security personnel?

Ensuring current documentation of security processes

What is the PRIMARY objective of performing a vulnerability assessment following a business system update?

Review the effectiveness of controls

Which of the following is the GREATEST challenge with assessing emerging risk in an organization?

Incomplete identification of threats

What is the BEST justification for making a revision to a password policy?

A risk assessment

Which of the following is the BEST way for an information security manager to improve the effectiveness of an organization's information security program?

Collaborate with business and IT functions in determining controls.

What is the term for the consideration of the acceptable level of risk an organization is willing to take?

Risk appetite

What is the primary purpose of incident management?

To recover from security incidents

What is the term for the ongoing process of assessing an organization's compliance with laws and regulations?

Compliance monitoring

What is the main focus of an organization-wide security awareness program?

Raising awareness about security

What is the primary responsibility of an information security manager in response to data classification concerns?

Ensuring compliance with data classification policies

What is the most important consideration for providing ongoing assurance that legal and regulatory compliance requirements can be met?

Continuous compliance monitoring

What is the term for the actions taken to minimize the impact of known vulnerabilities in cloud applications?

Risk mitigation

What is the primary purpose of multi-year planning in information security management?

To forecast long-term security needs

What is the term for the process of assigning financial value to organizational assets for risk management purposes?

Asset valuation

What is the term for the approach that involves implementing layers of security controls to protect against potential threats?

Defense-in-depth

What is the primary focus of advanced persistent threat monitoring?

Identifying and mitigating persistent threats

What is the term for the process of developing a high-level plan to achieve information security objectives over a specified time frame?

Security strategy

Who is responsible for determining the initial recovery time objective (RTO) in business impact analysis (BIA)?

The business continuity coordinator

What is the first step after the loss of a personal mobile device containing corporate information?

Initiate incident response

How can security be integrated during application development?

Provide training on secure development practices to programmers

What is the best way to ensure an organization's disaster recovery plan (DRP) can be carried out in an emergency?

Require disaster recovery documentation be stored with all key decision makers

How can staff members best understand their responsibilities for information security?

Require staff to participate in information security awareness training

What is the most helpful approach for properly scoping a security assessment of an existing vendor?

Review controls listed in the vendor contract

How can information security governance be best integrated into enterprise governance?

Establish an information security steering committee

What is the most important security consideration when granting remote access to confidential information to a vendor for analytic purposes?

The vendor must agree to the organization's information security policy

What should be the primary basis for determining the value of assets?

The business cost when assets are not available

How can the risk associated with a bring your own device (BYOD) program be best reduced?

Implement a mobile device management (MDM) solution

What is the first step to ensure the security policy framework encompasses a new business model?

Perform a gap analysis when an organization purchases a new company

What is the most important consideration when defining a recovery strategy in a business continuity plan (BCP)?

The organizational tolerance to service interruption

What is the primary objective of a business impact analysis (BIA)?

Determining recovery priorities

What is the most appropriate metric for evaluating the incident notification process?

Elapsed time between detection, reporting, and response

What provides the greatest value of a security information and event management (SIEM) system?

Facilitating the monitoring of risk occurrences

What is the best technical defense against unauthorized access to a corporate network through social engineering?

Requiring multi-factor authentication

What is the primary objective of performing a post-incident review?

Identifying the root cause

What provides the most useful information for planning purposes to achieve compliance with local regulatory requirements?

Results from a gap analysis

What is the best evidence of alignment between corporate and information security governance?

Senior management sponsorship

What should the chief information security officer (CISO) be most concerned with in a multinational organization facing different security requirements at each operating location?

Developing a security program that meets global and regional requirements

What is the most important factor for an organization's information security program to be effective?

Senior management support

What is the most important to include in an information security status report for management?

Key risk indications (KRIs)

What is the best course of action for an organization to lower the cost of implementing application security controls?

Requiring multi-factor authentication

What should be the primary concern for an organization's information security manager regarding change management procedures?

Ensuring security is not a hindrance to business activities

Which of the following would be MOST effective in gaining senior management approval of security investments in network infrastructure?

Demonstrating that targeted security controls tie to business objectives

Which of the following should be the PRIMARY area of focus when mitigating security risks associated with emerging technologies?

Unknown vulnerabilities

Which of the following risk scenarios is MOST likely to emerge from a supply chain attack?

Loss of customers due to unavailability of products

Which of the following activities MUST be performed by an information security manager for change requests?

Assess impact on information security risk

What is the most effective way to prevent the introduction of vulnerabilities that may disrupt critical business applications?

Regularly updating and patching software

What is the primary objective of the information security incident response process?

Minimize negative impact to critical operations

What is the best security control for an organization permitting the storage and use of critical and sensitive information on employee-owned smartphones?

Establishing the authority to remote wipe

What is the main benefit of implementing a data loss prevention (DLP) solution?

Preventing unauthorized disclosure of sensitive information

What is the first step to gain approval for outsourcing to address a security gap?

Perform a cost-benefit analysis

What is the best approach to make strategic information security decisions?

Establish an information security steering committee

What is the most important factor when conducting a forensic investigation?

Maintaining a chain of custody

How can an organization best determine the comprehensiveness of its information security strategy?

Through an internal security audit

What is the first recommended step when learning of a new standard related to an emerging technology?

Perform a risk assessment on the new technology

What is the main focus when tuning an intrusion prevention system (IPS) to address concerns?

Decreasing false positives

What is the term for maintaining legally admissible evidence in an organization?

Chain of custody

What is the best course of action to address vulnerabilities that may disrupt critical business applications?

Implementing a patch management process

What is the primary benefit of maintaining an information security governance framework?

Managing business risks to an acceptable level

When is penetration testing most appropriate?

When a new system is about to go live

What is the first course of action when a retailer's information security manager discovers an HVAC vendor with remote access to stores?

Review the vendor contract

What is the best approach to reduce unnecessary duplication of compliance activities?

Standardization of compliance requirements

What is the most important measure of response efficiency for enterprise-wide security incidents?

Mean time to resolution (MTTR)

What should be the basis for developing a business case for information security investment?

Losses due to security incidents

What is the primary focus of post-incident review of an attack?

Method of operation used by the attacker

What is the primary consideration for prioritizing security efforts?

Number of vulnerabilities identified for high-risk information assets

What is the best approach to obtain support for a new organization-wide information security program?

Delivering an information security awareness campaign

What is the primary basis for deciding the level of protection for an information asset?

Impact to the business function

What is the primary purpose of regular reviews of the cybersecurity threat landscape?

Comparing emerging trends with the existing organizational security posture

What is the best metric for assessing the overall security posture across business units?

Average number of security incidents

Which of the following is the MOST important to consider when aligning a security awareness program with the organization's business strategy?

People and culture

An organization is leveraging tablets to replace desktop computers shared by shift-based staff. These tablets contain critical business data and are inherently at increased risk of theft. Which of the following will BEST help to mitigate this risk?

Conduct a mobile device risk assessment

An organization's security policy is to disable access to USB storage devices on laptops and desktops. Which of the following is the STRONGEST justification for granting an exception to the policy?

The benefit is greater than the potential risk

During which of the following phases should an incident response team document actions required to remove the threat that caused the incident?

Eradication

An information security manager is assisting in the development of the request for proposal (RFP) for a new outsourced service. This will require the third party to have access to critical business information. The security manager should focus PRIMARILY on defining:

Security requirements for the process being outsourced

Which of the following should be considered FIRST when recovering a compromised system that needs a complete rebuild?

Configuration management files

Who is BEST suited to determine how the information in a database should be classified?

Data owner

Which of the following roles is BEST able to influence the security culture within an organization?

Chief information security officer (CISO)

Which of the following should include contact information for representatives of equipment and software vendors?

Business continuity plan (BCP)

Which of the following methods is the BEST way to demonstrate that an information security program provides appropriate coverage?

Maturity assessment

Which of the following factors has the GREATEST influence on the successful implementation of information security strategy goals?

Management support

What is the MOST important reason for having an information security manager serve on the change management committee?

Advise on change-related risk

Which of the following roles is MOST appropriate to determine access rights for specific users of an application?

Data owner

Which of the following would provide the BEST evidence to senior management that security control performance has improved?

Demonstrated return on security investment

Of the following, who is accountable for data loss in the event of an information security incident at a third-party provider?

The business data owner

What is the best course of action for an online company in the event of a network attack?

Isolate the affected network segment

Who is most appropriate to own the risk associated with the failure of privileged access control?

The business owner

What is the most important element in achieving executive commitment to an information security governance program?

Identified business drivers

To minimize the risk of data exposure from a stolen personal mobile device, what is the best course of action?

Wipe the device remotely

What is the most helpful for aligning security operations with the IT governance framework?

A security operations program

What are Recovery Time Objectives (RTOs) an output of?

Business Impact Analysis (BIA)

What should the new information security manager demonstrate to obtain senior management support for an information security governance program?

The program's value to the organization

What is most important for an information security manager before conducting full-functional continuity testing?

Verify that recovery teams and individuals have been identified

What should the information security manager review to support the initiative of utilizing Software as a Service (SaaS)?

Independent security assessment reports for each vendor

What is the primary objective of performing a post-incident review?

Identify the root cause of incidents

What should information security activities address during the initiation phase of the system development life cycle (SDLC) for a software project?

Baseline security controls

What is the best tool to monitor the effectiveness of information security governance?

The Balanced Scorecard

What is the primary objective of a post-incident review of an information security incident?

To identify the root cause and prevent recurrence

What is the most important factor in increasing the effectiveness of incident responders?

Testing response scenarios

What is the best approach to ensuring a new application complies with information security policy?

Performing a vulnerability analysis before implementation

What should be the first step when a forensic examination of a switched-off PC is required?

Perform a bit-by-bit backup of the hard disk using a write-blocking device

What is the best course of action for an organization receiving complaints about encrypted files and ransom demands?

Isolating affected systems

What is the primary objective of a business impact analysis (BIA) when implementing a security program?

Identifying critical business processes and their dependencies

What is the most important information for influencing management's support of information security?

Demonstrating alignment with the business strategy

What should an incident response plan include criteria for?

Escalation

What is the first step to ensure a new security policy complies with legal and regulatory requirements?

Performing a risk analysis

What is the primary objective of a vulnerability assessment process?

Enhancing threat management

What is the first step when implementing a security program?

Performing a risk analysis

What is the primary benefit of effective testing of business continuity and disaster recovery plans?

Meeting business needs within the stated recovery time objectives (RTOs)

What is the best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

Parallel test

What is the best approach for managing user access permissions to ensure alignment with data classification?

Review access permissions annually

What is the primary reason for granting a security exception?

That the risk is justified by the benefit to the business

What is the best indication that information security governance and corporate governance are integrated?

When the information security steering committee is composed of business leaders

What is the best approach for creating an inventory of systems where personal data is stored?

Start with the most recent systems and work backward

What is the primary reason to monitor key risk indicators (KRIs) related to information security?

To benchmark control performance

What is the best approach for ensuring that an information security training program is effective?

Base the contents on employees' roles

What is the best way to label information to enhance the likelihood of people handling it securely?

According to its security classification

What is the best method for management decisions concerning information security investments to be most effective?

Based on periodic risk assessments

What is the best method to evaluate the legal issues associated with a transborder flow of technology-related items?

Focusing on encryption tools and personal data

What is the best method to ensure that an information security management summary is well-received by different audiences?

Tailoring the information to each audience's needs and requirements

What is the best approach for determining the needs of an information security steering committee?

Based on the requirements of business leaders

What is the primary purpose of a risk register in an organization?

To provide the most comprehensive insight into ongoing threats

What is the best way to ensure the capability to restore clean data after a ransomware attack?

Maintain multiple offline backups

What is the primary contribution of recovery point objective (RPO) to disaster recovery?

To define backup strategy

What is the best indication of a successful information security culture?

End users knowing how to identify and report incidents

What is the first course of action for an information security manager when a newly introduced privacy regulation affects the business?

Identify and assess the risk in the context of business objectives

What is the best way to effectively manage emerging cyber risk?

Cybersecurity policies

When notified of a new vulnerability affecting key data processing systems, what is the first step?

Re-evaluate the risk

What is the risk treatment option applied to limit risk exposure to the business when a legacy application cannot be patched?

Mitigate

What is the most useful purpose of key performance indicators (KPIs) in information security?

To help senior management understand the status of information security compliance

What is the best way to ensure procurement decisions consider information security concerns?

Integrate information security risk assessments into the procurement process

What is essential when developing a categorization method for security incidents?

Agreed-upon definitions for the categories

What is essential for effective communication of program's effectiveness to stakeholders?

Establishing metrics for each milestone

When designing a disaster recovery plan (DRP), what MUST be available in order to prioritize system restoration?

Business impact analysis (BIA) results

Which of the following BEST describes a buffer overflow?

A function is carried out with more data than the function can handle

An organization is acquiring a new company. What would be the BEST approach to determine how to protect newly acquired data assets prior to integration?

Perform a risk assessment

When developing an asset classification program, which step should be completed FIRST?

Create an inventory

What is the primary purpose of creating security policies?

To communicate management's security expectations

What is the best step to address a lost smartphone containing sensitive information?

Remotely wipe the device

What is the primary advantage of performing black-box control tests as opposed to white-box control tests?

They simulate real-world attacks

What is the best method to protect against emerging advanced persistent threat (APT) actors?

Implementing proactive systems monitoring

What is the primary advantage of aligning an organization's incident response capability with a public cloud service provider?

Enhanced scalability and flexibility

What is the primary purpose of invoking a business continuity plan during a disaster?

To remain operational during the disaster

What is the best approach for governing noncompliance with security requirements?

Requiring the steering committee to review exception requests

What is the primary contribution of senior management support to controls assessment?

Increased accuracy of controls assessment

What is the greatest influence on the successful adoption of an information security governance program?

Organizational culture

What should an information security manager's first course of action be when unknown malware has infected an organization's critical system?

Trigger the incident response plan

How can an organization's quality process best support security management?

By providing assurance that security requirements are met

What should an information security manager do to ensure an accurate evaluation of incident response effectiveness?

Ensure senior management support for the evaluation

What is the primary challenge for information security managers when deploying a BYOD program?

Inconsistent device security

What is the most important requirement when collecting admissible evidence?

Chain of custody

What continues to spread during the incident response phase of containment after a successful attack?

Malware

What does the principle of least privilege primarily require the identification of?

Job duties

What is the best approach when creating a security policy for a global organization?

Establish baseline standards for all locations and add supplemental standards as required

What is the best response for a financial company executive concerned about cyberattacks?

Revalidate and mitigate risks to an acceptable level

What is the best indication of effective information security governance?

Integration into corporate governance

What is the best way to enable staff acceptance of information security policies?

Strong senior management support

What is the best facilitator of effective incident response testing?

Simulating realistic test scenarios

What is a viable containment strategy for a DDoS attack?

Redirect the attacker's traffic

In a business case when the ROI for an information security initiative is difficult to calculate, what is the best to include?

Estimated reduction in risk

To ensure appropriate security controls are built into software, what is the best to provide during development activities?

Standards for implementation

Who assumes the most security responsibility in Infrastructure as a Service (IaaS) cloud model?

Cloud service buyer

What is the primary risk owner for information security?

Business senior management

What should be the primary objective of an information security governance framework?

Optimize the security profile of the organization

What is the first consideration when deciding to move to a cloud-based model?

Data classification

What greatly reduces security administration efforts?

Role-based access control

What should the information security manager determine if IT personnel are not adhering to the information security policy due to process inefficiencies?

Risk related to noncompliance with the policy

What should be the first step when developing a business case for a new intrusion detection system (IDS) solution?

Define the issues to be addressed

What primarily helps in developing effective escalation and response procedures in an incident response plan?

Clear definition of a security incident

What is the best method to ensure compliance with password standards?

Automated enforcement of password syntax rules

What is the primary focus of the information security manager if a risk owner has accepted a large amount of risk due to the high cost of controls?

Establishing ongoing risk monitoring process

What is the greatest challenge to a security operations center's awareness of potential security breaches?

Unsynchronized IT system clocks

What is the basis for developing an effective information security program that supports the organization's business goals?

Information security strategy

What is the primary responsibility of the data owner within an organization?

Being primarily accountable for associated tasks

What is the most important requirement for a successful security program, according to management decision?

Management decision on asset value

What primarily determines the level of protection required for assets within an organization?

Asset classification

What is most important for the effective implementation of an information security governance program?

Effective communication of program goals

What has the most influence on the inherent risk of an information asset?

Business criticality

What is the most effective way for a hospital to avoid paying ransom in the event of a critical server being encrypted by ransomware?

Restoring the OS, patches, and application from a backup

What is most important when developing escalation procedures for an incident response plan?

Ensuring the contact list is regularly updated

What should an information security manager primarily verify when selecting a third-party forensics provider?

Technical capabilities of the provider

What should be the information security manager's response when an employee triggers a ransomware attack by clicking on a phishing email link?

Isolating the impacted endpoints

What represents the best practice for ensuring the integrity of a recovered system after an intrusion has been detected and contained?

Restoring the OS, patches, and application from a backup

What is an example of risk mitigation, as indicated in the exam question summary?

Improving security controls

What would be the information security manager's primary focus when developing escalation procedures for an incident response plan?

Regularly updating contact lists

What is the fundamental purpose of establishing security metrics?

Provide feedback on control effectiveness

What should be the PRIMARY focus of the information security manager when an organization decides to outsource IT operations?

Security requirements are included in the vendor contract

Who should be responsible for determining access levels to an application that processes client information?

Business unit management

What would be of GREATEST concern to an information security manager when data entry functions for a web-based application are outsourced to a third-party service provider?

The application is configured with restrictive access controls

What is the most effective way to reduce the risk of targeted email attacks?

Implementing a security awareness training program for employees

What is the most useful source when planning a business-aligned information security program?

Business impact analysis

What is the first step an information security manager should take to comply with new incident response requirements?

Conduct a gap analysis

In an Infrastructure as a Service (IaaS) model, what capability will best enable recovery from a security incident?

The capability to take a snapshot of virtual machines

What can be used to prevent successful Internet protocol (IP) spoofing?

Reverse lookups

What presents the greatest challenge to the recovery of critical systems and data following a ransomware incident?

Unavailable or corrupt data backups

What should the information security manager prioritize during an information security post-incident review?

Evaluating incident response effectiveness

What is the most effective way to prevent unauthorized firewall rule changes by IT employees?

Implementing strict access controls and monitoring

What is the most likely requirement after a merger with another organization in terms of the information security program?

Revision to information security program

What best enables the integration of information security governance into corporate governance?

An information security steering committee with business representation

What is the most effective way to ensure that information security governance aligns with corporate governance?

Establishing a cross-functional governance committee

What is the primary responsibility of the information security manager when evaluating third-party forensics providers?

Verify the provider's experience and expertise

What is the primary benefit of an information security awareness training program?

Influencing human behavior

What is the first course of action for a CISO after learning about a third-party service provider's data breach?

Determine the extent of the impact to the organization

What is the most important detail to capture in an organization's risk register?

Risk ownership

What is the best course of action if the business activity residual risk is lower than the acceptable risk level?

Monitor the effectiveness of controls

What is the most important to include in monthly information security reports to the board?

Trend analysis of security metrics

What is the most important to include in an incident response plan to ensure incidents are responded to by the appropriate individuals?

Detailed incident notification process

What is the primary advantage of single sign-on (SSO)?

Increased efficiency of access management

What is the most critical factor for information security program success?

Information security manager's knowledge of the business

What is the best course of action to prevent further damage after a compromised endpoint device is isolated?

Conduct a forensic analysis

What is the best enabler for an organization to transform its culture to support information security?

Strong management support

What is the best approach for ensuring information security governance is aligned with corporate governance?

Integration of security reporting into corporate reporting

What is the most effective message to obtain senior management's commitment to information security management?

Security supports and protects the business

What is the initial step for an information security manager after acquiring a company in a foreign country?

Conduct a comprehensive security assessment of the acquired company's systems and networks

What is the beneficial type of exercise for an incident response team at the first drill?

Tabletop exercise simulating a security incident scenario

What represents the recovery point objective (RPO) requirement?

The maximum tolerable amount of data loss after a disruption

What is the primary objective of the information security incident response process?

To minimize the impact of security incidents on the organization

What is the most important element in achieving executive commitment to an information security governance program?

Demonstrating the alignment of the program with business objectives

What is the primary responsibility of an information security manager in responding to a hacked IoT device in an organization's network?

Isolate the compromised IoT device to prevent further damage

What are the tasks to be performed once a disaster recovery plan (DRP) has been developed?

Regular testing and updating of the DRP

What is the best indication of effective information security governance?

Consistent alignment of security measures with business objectives

What is the primary purpose of invoking a business continuity plan during a disaster?

To ensure the continuity of critical business operations

What is the best way to ensure procurement decisions consider information security concerns?

Incorporate security requirements into the procurement process

What is the primary focus when developing escalation procedures for an incident response plan?

Establishing criteria for escalating incidents

What is the best indication of a successful information security culture?

High employee compliance with security policies

What is the primary purpose of invoking a business continuity plan during a disaster?

To resume critical business operations

What is the most important factor of a successful information security program?

Comprehensive risk management focus

When a mandatory security standard hinders the achievement of an identified business objective, what should an information security manager do?

Escalate the issue to senior management

What is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

Validate the current firewall rule set

What is the primary contribution of recovery point objective (RPO) to disaster recovery?

Minimizing data loss

What is the best approach to make strategic information security decisions?

Align decisions with business objectives

What is the first course of action for an information security manager when employees violate a no-camera policy?

Conduct a risk assessment

What is the best indication of effective information security governance?

Clear alignment with business objectives

When independent penetration test results reveal high-rated vulnerability in a cloud-based application, what is the best way to proceed?

Postpone the implementation until the vulnerability is fixed

What is the best indication of a successful information security program?

Focused on risk management

Study Notes

Information Security Management Questions and Answers

• Conducting interviews as part of the business impact analysis (BIA) process is important to ensure the stakeholders providing input own the related risk.
• The timely execution of an incident response plan can be best enabled by defining trigger events.
• Change management procedures that are likely to cause concern to the information security manager include the development manager migrating programs into production.
• The greatest benefit of conducting an organization-wide security awareness program is the improvement of security behavior.
• The initial prioritization of recovery of services should be contained in the Business Impact Analysis (BIA) document.
• The greatest inherent risk when performing a disaster recovery plan (DRP) test is disruption to the production environment.
• Incident management is designed to handle a control failure that leads to a breach.
• When a finance department director decides to outsource the organization's budget application, the information security manager should first determine the required security controls for the new solution.
• The best way to integrate information security governance into corporate governance is through an information security steering committee with business representation.
• Actively engaging with stakeholders is the best course of action for an information security manager to align security and business goals.
• The most appropriate time to conduct a disaster recovery test would be after major business processes have been redesigned.
• Including incident classification criteria within an incident response plan provides the greatest benefit of optimized allocation of recovery resources.

Information Security Management and Incident Response

• Effective execution of an incident response plan is best facilitated by ensuring the response team is trained on the plan.
• In a post-incident review, determining the underlying reason for user error is most important.
• The primary objective of a business impact analysis (BIA) is to determine recovery priorities.
• Key risk indications (KRIs) are the most important to include in an information security status report for management.
• Senior management support is the most important factor for an organization's information security program to be effective.
• Elapsed time between detection, reporting, and response is the most appropriate metric for evaluating the incident notification process.
• The greatest value provided by a security information and event management (SIEM) system is facilitating the monitoring of risk occurrences.
• Requiring multi-factor authentication is the best technical defense against unauthorized access to a corporate network through social engineering.
• The primary objective of performing a post-incident review is to identify the root cause.
• Results from a gap analysis provide the most useful information for planning purposes to achieve compliance with local regulatory requirements.
• Senior management sponsorship is the best evidence of alignment between corporate and information security governance.
• The chief information security officer (CISO) should be most concerned with developing a security program that meets global and regional requirements in a multinational organization facing different security requirements at each operating location.

Information Security Management Summary

• The average return on investment (ROI) for security initiatives is a key metric for information security management.
• The average number of security incidents across business units helps in assessing the overall security posture.
• Mean time to resolution (MTTR) for enterprise-wide security incidents is an important measure of response efficiency.
• The number of vulnerabilities identified for high-risk information assets is crucial for prioritizing security efforts.
• When a retailer's information security manager discovers an HVAC vendor with remote access to stores, the first course of action should be to review the vendor contract.
• Developing a business case for information security investment should be based on losses due to security incidents, enabling informed decisions by senior management.
• The primary benefit of maintaining an information security governance framework is managing business risks to an acceptable level.
• Post-incident review of an attack is most useful when focusing on the method of operation used by the attacker.
• Penetration testing is most appropriate when a new system is about to go live.
• Regular reviews of the cybersecurity threat landscape are primarily aimed at comparing emerging trends with the existing organizational security posture.
• The best approach to reduce unnecessary duplication of compliance activities is the standardization of compliance requirements.
• Obtaining support for a new organization-wide information security program is best achieved through delivering an information security awareness campaign.
• The level of protection for an information asset should primarily be decided based on its impact to the business function.

Information Security Management Summary

• Labeling information according to its security classification enhances the likelihood of people handling information securely.
• Management decisions concerning information security investments are most effective when they are based on consistent and periodic risk assessments.
• When developing materials to update the board, regulatory agencies, and the media about a security incident, the information security manager should determine the needs and requirements of each audience first.
• The best indication that information security governance and corporate governance are integrated is when the information security steering committee is composed of business leaders.
• The best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required is through a parallel test.
• Legal issues associated with a transborder flow of technology-related items are most often related to encryption tools and personal data.
• The best approach for managing user access permissions to ensure alignment with data classification is to review access permissions annually or whenever job responsibilities change.
• The primary reason to monitor key risk indicators (KRIs) related to information security is to benchmark control performance.
• When establishing a new data protection program that must comply with applicable data privacy regulations, the first step is to create an inventory of systems where personal data is stored.
• To ensure that an information security training program is most effective, its contents should be based on employees' roles.
• The primary reason for granting a security exception is that the risk is justified by the benefit to the business.
• Recovery time objectives (RTOs) are best determined by business continuity officers.

Information Security Management Summary

• Effective communication of program's effectiveness to stakeholders requires establishing metrics for each milestone
• To ensure procurement decisions consider information security concerns, integrate information security risk assessments into the procurement process
• The most comprehensive insight into ongoing threats facing an organization is provided by a risk register
• When developing a categorization method for security incidents, the categories must have agreed-upon definitions
• Key performance indicators (KPIs) are most useful to help senior management understand the status of information security compliance
• The contribution of recovery point objective (RPO) to disaster recovery is to define backup strategy
• The best way to effectively manage emerging cyber risk is cybersecurity policies
• The risk treatment option applied to limit risk exposure to the business when a legacy application cannot be patched is to mitigate
• When notified of a new vulnerability affecting key data processing systems, the first step is to re-evaluate the risk
• The best way to ensure the capability to restore clean data after a ransomware attack is to maintain multiple offline backups
• The best indication of a successful information security culture is if end users know how to identify and report incidents
• The first course of action for an information security manager when a newly introduced privacy regulation affects the business is to identify and assess the risk in the context of business objectives

Information Security Management Summary

• The primary risk owner for information security is the business senior management.
• In Infrastructure as a Service (IaaS) cloud model, the cloud service buyer assumes the most security responsibility.
• The primary objective of an information security governance framework should be to provide a baseline for optimizing the security profile of the organization.
• Establishing a clear definition of a security incident in an incident response plan primarily helps in developing effective escalation and response procedures.
• The first consideration when deciding to move to a cloud-based model should be data classification.
• The first step when developing a business case for a new intrusion detection system (IDS) solution is to define the issues to be addressed.
• If IT personnel are not adhering to the information security policy due to process inefficiencies, the information security manager should determine the risk related to noncompliance with the policy as the first step.
• Role-based access control greatly reduces security administration efforts.
• In a situation where a risk owner has accepted a large amount of risk due to the high cost of controls, the information security manager's primary focus should be on establishing a strong ongoing risk monitoring process.
• The greatest challenge to a security operations center's awareness of potential security breaches is when IT system clocks are not synchronized with the centralized logging server.
• The basis for developing an effective information security program that supports the organization's business goals should include an information security strategy.
• The best method to ensure compliance with password standards is automated enforcement of password syntax rules.

Information Security Manager Exam Questions Summary

• The data owner is primarily accountable for associated tasks within an organization, according to exam question 266.
• Management decision on asset value is the most important requirement for a successful security program, as per exam question 267.
• Determining the current and desired state of controls is the best way to achieve compliance with new global regulations related to the protection of personal information, according to exam question 268.
• Asset classification primarily determines the level of protection required for assets, according to exam question 269.
• Communicating and ensuring understanding of program goals within the organization is most important for the effective implementation of an information security governance program, as per exam question 270.
• Business criticality has the most influence on the inherent risk of an information asset, as per exam question 271.
• A properly tested offline backup system would most effectively allow a hospital to avoid paying ransom in the event of a critical server being encrypted by ransomware, according to exam question 272.
• Ensuring the contact list is regularly updated is most important when developing escalation procedures for an incident response plan, as per exam question 273.
• When selecting a third-party forensics provider, an information security manager should primarily verify the technical capabilities of the provider, according to exam question 274.
• Isolating the impacted endpoints should be the information security manager's response when an employee triggers a ransomware attack by clicking on a phishing email link, according to exam question 275.
• Restoring the OS, patches, and application from a backup represents the best practice for ensuring the integrity of a recovered system after an intrusion has been detected and contained, as per exam question 276.
• Improving security controls is an example of risk mitigation, as indicated in exam question 277.

Information Security Management Practice Questions Summary

• Answering questions on incident reflection in user security awareness training program
• Responding to a hacked IoT device in an organization's network
• Aligning information security program requirements with employment and staffing processes
• Initial step for an information security manager after acquiring a company in a foreign country
• Utilizing a balanced scorecard for effective information security governance
• Tasks to be performed once a disaster recovery plan (DRP) has been developed
• Supporting effective communication during information security incidents
• Beneficial type of exercise for an incident response team at the first drill
• Criteria for deciding whether to accept residual risk
• Recovery point objective (RPO) requirement
• Ensuring incident response teams are properly prepared
• Enabling the assignment of risk and control ownership
• Implementing network isolation techniques after a security breach

Information Security Management Summary

• Business Continuity Plan (BCP) triggers are defined by the Disaster Recovery Plan (DRP).
• Senior management support is the most important consideration when establishing information security policies for an organization.
• The first course of action for an information security manager when employees violate a no-camera policy is to conduct a risk assessment.
• To address concerns about conflicting access rights during an acquisition, the information security manager should perform a risk assessment of the access rights.
• The best time to update a security incident response plan is during the post-incident review.
• When independent penetration test results reveal high-rated vulnerability in a cloud-based application, the best way to proceed is to postpone the implementation until the vulnerability is fixed.
• Information security governance is most important to ensure an organization's cybersecurity program meets the needs of the business.
• The best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense is to validate the current firewall rule set.
• The most important factor of a successful information security program is that it is focused on risk management.
• An information security governance desired outcome is improved risk management.
• When an organization quickly shifts to a work-from-home model with an increased need for remote access security, the immediate focus should be on strengthening endpoint security.
• When a mandatory security standard hinders the achievement of an identified business objective, an information security manager should escalate to senior management.

Description

Test your knowledge of information security management with this quiz. From incident response plans to disaster recovery testing, these questions cover various aspects of ensuring the security and resilience of organizational information systems. Perfect for anyone involved in information security governance or management.