Cism text-2

Questions and Answers

What is the PRIMARY purpose for continuous monitoring of security controls?

Alignment with compliance requirements is maintained

Effectiveness of controls is evaluated (correct)

Control gaps are minimized

System availability is ensured

How does an incident response team BEST leverage the results of a business impact analysis (BIA)?

Assigning restoration priority during incidents (correct)

Evaluating vendors critical to business recovery

Calculating residual risk after the incident recovery phase

Determining total cost of ownership (TCO)

Which of the following is MOST important to communicate with regard to open items from the risk register to senior management?

Potential business impact (correct)

Compensating controls

Key risk indicators (KRIs)

Responsible entities

An organization's information security manager is performing a post-incident review. Which of the following could have been prevented by conducting regular incident response testing?

Ignored alert messages

What is the BEST way to ensure an organization's disaster recovery plan can be carried out in an emergency?

Require disaster recovery documentation be stored with all key decision makers

What is the MOST effective way to help staff members understand their responsibilities for information security?

Require staff to participate in information security awareness training

What is the MOST helpful approach for properly scoping a security assessment of an existing vendor?

Review controls listed in the vendor contract

What will BEST facilitate the integration of information security governance into enterprise governance?

Establishing an information security steering committee

When remote access to confidential information is granted to a vendor for analytic purposes, what is the MOST important security consideration?

The vendor must agree to the organization's information security policy

What should be the PRIMARY basis for determining the value of assets?

Business cost when assets are not available

What is the BEST way to reduce the risk associated with a bring your own device (BYOD) program?

Implement a mobile device management (MDM) solution

What should the information security manager's FIRST step be to ensure the security policy framework encompasses a new business model?

Perform a gap analysis

What is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

Organizational tolerance to service interruption

What is the BEST approach to incident response for an organization migrating to a cloud-based solution?

Revise incident response procedures to encompass the cloud environment

What should be the PRIMARY basis for a severity hierarchy for information security incident classification?

Adverse effects on the business

Why should spoofing be prevented?

Gain illegal entry to a secure system by faking the sender's address

What is the best approach to identify risks associated with a social engineering attack?

Testing user knowledge of information security practices

What most effectively enables information security governance?

A balanced scorecard

What should be the first step when an online bank identifies a network attack in progress?

Isolate the affected network segment

What is the most important aspect to include in a report to key stakeholders regarding the effectiveness of an information security program?

Security metrics

What best enables an organization to provide ongoing assurance that legal and regulatory compliance requirements can be met?

Embedding compliance requirements within operational processes

What demonstrates the added value of an information security program most effectively?

A balanced scorecard

What is the most important consideration when determining which type of failover site to employ?

Recovery time objectives (RTOs)

What best enables an organization to enhance its incident response plan processes and procedures?

Lessons learned analysis

What are the main topics covered in the text?

Risk assessment, incident response, change management, security awareness, disaster recovery, and data protection

What is the most likely reason for executive management to decide not to take further action related to the threat of a denial of service (DoS) attack?

The cost of implementing controls exceeds potential financial losses

What does the text emphasize about involving key stakeholders?

In risk assessment, incident response planning, and security governance

What is the most effective course of action when dealing with employees utilizing free cloud storage services to store company data through their mobile devices?

Assess the business need to provide a secure solution

What does the text stress the importance of in managing information security incidents, change management, and disaster recovery?

Clear documentation, communication, and coordination

What is the best use of security metrics?

To determine the maturity of an information security program

What does the text underscore the significance of in aligning security with business goals?

Conducting business impact analysis and integrating information security governance into corporate governance

What is most important for the information security manager to confirm when relying on a potential vendor's certification for international security standards?

The certification scope is relevant to the service being offered

What does the text stress the importance of in evaluating security metrics, incident response tests, and reported security incidents?

Senior leadership involvement

What is the primary focus of information security management according to the text?

Involving key stakeholders and aligning security with business goals

What is highlighted as essential for managing information security incidents, change management, and disaster recovery?

Clear documentation, communication, and coordination

What does the text stress the need for in protecting data and establishing effective incident management procedures and policies?

Prioritizing recovery of services

What is emphasized as significant in evaluating security metrics, incident response tests, and reported security incidents?

Senior leadership involvement

What does the text stress the importance of aligning with business goals and integrating into corporate governance?

Information security governance

What is highlighted as essential for involving key stakeholders and managing information security incidents?

Risk assessment and incident response planning

What is stressed as the need for clear documentation, communication, and coordination in managing information security incidents?

Clear documentation, communication, and coordination

What is the BEST way to reduce the impact of a successful ransomware attack?

Perform frequent backups and store them offline

Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?

Identify critical business functions and processes

Which of the following processes BEST supports the evaluation of incident response effectiveness?

Post-incident review

To help ensure that an information security training program is MOST effective, its contents should be:

Focused on employees' roles

Which of the following would be the MOST effective way to present quarterly reports to the board on the status of the information security program?

An information security dashboard

Which of the following is the PRIMARY responsibility of an information security manager in an organization that is implementing the use of company-owned mobile devices in its operations?

Review and update existing security policies

Which of the following is the BEST option to lower the cost to implement application security controls?

Integrate security activities within the development process

Which of the following is the FIRST step to establishing an effective information security program?

Create a business case

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Regulatory requirements

Which of the following is MOST effective in monitoring an organization's existing risk?

Security information and event management (SIEM) systems

Which of the following would BEST justify continued investment in an information security program?

Reduction in residual risk

Which of the following has the GREATEST influence on an organization's information security strategy?

The organization's risk tolerance

What is the primary responsibility of an information security manager when implementing company-owned mobile devices?

Review and update existing security policies

What is the best metric to measure the effectiveness of an organization's information security program?

Return on information security investment

What is the first step an information security manager should take when creating an organization's disaster recovery plan (DRP)?

Conduct a business impact analysis (BIA)

What is the best basis for determining the allocation of resources during a security incident response?

Defined levels of severity

What is the most helpful for protecting an enterprise from advanced persistent threats (APTs)?

Defined security standards

What is the best process to evaluate incident response effectiveness?

Post-incident review

What should be the primary basis for a severity hierarchy for information security incident classification?

Defined levels of severity

What is the first step to establishing an effective information security program?

Create a business case

What is the best option to lower the cost of implementing application security controls?

Integrating security activities within the development process

What is the best approach to lower the cost of implementing application security controls?

Integrating security activities within the development process

What is the best approach for an effective information security training program?

Base it on employees' roles for maximum impact

What should an information security manager do to promote the relevance and contribution of security?

Overcome the perception that security is a hindrance to business activities

Which of the following provides an information security manager with the MOST accurate indication of the organization's ability to respond to a cyber attack?

Red team exercise

Which of the following is the PRIMARY objective of a business impact analysis (BIA)?

Determine recovery priorities

What is MOST important to include in an information security status report for management?

Key risk indication (KRIs)

A post-incident review identified that user error resulted in a major breach. What is MOST important to determine during the review?

The underlying reason for the user error

What is the primary focus of the questions related to information security management?

Testing knowledge and understanding of best practices and strategies

Which of the following actions do the questions emphasize the importance of in the context of information security management?

Strategic decision-making

What is the primary purpose of the questions related to incident response and evidence maintenance?

To prioritize and take the first steps in various security-related scenarios

What do the questions require understanding the significance of in the context of information security management?

Risk assessment and change management controls

What do the questions stress the importance of in managing information security incidents, change management, and disaster recovery?

Strategic decision-making and alignment of security initiatives

What is the main focus of the questions related to addressing security challenges in an organization?

Strategic decision-making and gaining senior management approval

What is the primary responsibility emphasized in the questions for an information security manager when implementing company-owned mobile devices?

Maintaining evidence and addressing concerns related to intrusion prevention

What is highlighted as essential for involving key stakeholders and managing information security incidents?

Strategic decision-making and alignment of security initiatives

What is the most important aspect to include in a report to key stakeholders regarding the effectiveness of an information security program?

Strategic alignment of security initiatives

What is the best approach for an effective information security training program according to the questions?

Strategic decision-making and alignment of security initiatives

What demonstrates the added value of an information security program most effectively according to the questions?

Strategic decision-making and alignment of security initiatives

What is emphasized as significant in evaluating security metrics, incident response tests, and reported security incidents according to the questions?

Strategic decision-making and alignment of security initiatives

What is the primary benefit of maintaining an information security governance framework?

Reducing unnecessary duplication of compliance activities

What is the primary reason to perform regular reviews of the cybersecurity threat landscape?

Comparing emerging trends with existing security posture

What is the best approach to reduce unnecessary duplication of compliance activities?

Standardization of compliance requirements

What is the primary benefit of effective risk decision making?

Establishment of risk domains

What is the primary benefit of aligning information security governance with corporate governance?

Managing business risks to an acceptable level

What is the primary reason for an organization to suspend data exchange with a provider and notify regulatory authorities of a breach?

Ensuring regulatory compliance

What is the primary benefit of including the disaster recovery communication plan in an outsourcing agreement for disaster recovery activities?

Managing business risks to an acceptable level

What is the best evidence of alignment of information security governance with corporate governance?

Average return on investment (ROI) associated with security initiatives

What is the primary benefit of maintaining an information security governance framework?

Reducing unnecessary duplication of compliance activities

What is the primary reason to perform regular reviews of the cybersecurity threat landscape?

Comparing emerging trends with existing security posture

What is the best approach to reduce unnecessary duplication of compliance activities?

Standardization of compliance requirements

What is the primary benefit of effective risk decision making?

Establishment of risk domains

What is the primary purpose of introducing a single point of administration in network monitoring according to the text?

To streamline and improve control of the environment

What is the best course of action when a cloud application used by an organization is found to have a serious vulnerability?

Report the situation to the business owner of the application

What is the best way to monitor for advanced persistent threats (APT) in an organization according to the text?

Searching for anomalies in the environment

What is the most effective way to ensure an organization's disaster recovery plan can be carried out in an emergency according to the text?

Conducting quarterly disaster recovery drills

What is the best indication of an effective information security awareness training program according to the text?

An increase in the identification rate during phishing simulations

What is the most important consideration when developing an information security strategy according to the text?

Input from process owners

What is the best way to determine asset valuation according to the text?

Considering potential business loss

What is the first step in developing an information security strategy according to the text?

Performing a gap analysis based on the current state

What is the best approach to lower the cost of implementing application security controls according to the text?

Automating the implementation process

What is the primary objective of performing a post-incident review?

To identify the root cause

What is the best technical defense against unauthorized access through social engineering?

Requiring multi-factor authentication

What is the best evidence of alignment between corporate and information security governance?

Senior management sponsorship

What is the primary concern for a multinational organization's CISO?

Developing a security program that meets global and regional requirements

What is the best reason to conduct social engineering in a call center?

To identify candidates for additional security training

What is the best course of action for an information security manager in response to users sharing a login account in violation of access policy?

Present the risk to senior management

What must be defined for an information security manager to evaluate the appropriateness of controls currently in place?

Security policy

What is the greatest concern from a penetration test showing vulnerabilities in an organization's external web application?

Exploit code for one of the vulnerabilities being publicly available

When deciding the level of protection for an information asset, what provides the MOST guidance?

Impact to business function

What is the BEST indication of information security strategy alignment with the organization's?

Number of business objectives directly supported by information security initiatives

Which analysis will BEST identify the external influences to an organization's information security?

Threat analysis

What is the MOST important detail to capture in an organization's risk register?

Risk ownership

What is the most appropriate role to determine access rights for specific users of an application?

System administrator

What is the best evidence to senior management that security control performance has improved?

Reduction in reported security incidents

What is the best course of action when an online company discovers a network attack in progress?

Isolate the affected network segment

What is the best tool to monitor the effectiveness of information security governance?

Balanced scorecard

During the initiation phase of the system development life cycle (SDLC) for a software project, what should information security activities address?

Baseline security controls

What is the most important element in achieving executive commitment to an information security governance program?

Identified business drivers

What is the best course of action to minimize the risk of data exposure from a stolen personal mobile device?

Wipe the device remotely

For aligning security operations with the IT governance framework, what is most helpful?

A security operations program

What are recovery time objectives (RTOs) an output of?

Business impact analysis (BIA)

What is the primary objective of performing a post-incident review?

Identify the root cause

What is the reason for having an information security manager serve on the change management committee?

To advise on change-related risk

What is the best evidence to senior management that security control performance has improved?

Reduction in reported security incidents

What is the main purpose of senior management review and approval of an information security strategic plan?

To ensure the plan aligns with corporate governance

What is the most important consideration when confirming a third-party provider's compliance with an organization's information security requirements?

Ensuring the right to audit is included in the service level agreement (SLA)

How should an organization effectively manage emerging cyber risk?

By implementing cybersecurity policies

What is the contribution of recovery point objective (RPO) to disaster recovery?

To define backup strategy

What is the most effective way to help ensure procurement decisions consider information security concerns when an organization increasingly uses Software as a Service (SaaS)?

Integrating information security risk assessments into the procurement process

What provides the most comprehensive insight into ongoing threats facing an organization?

The risk register

What is the best way to communicate the effectiveness of an information security governance framework to stakeholders?

Establishing metrics for each milestone

What is the most important aspect of developing a categorization method for security incidents?

Ensuring the categories have agreed-upon definitions

What would be most useful to help senior management understand the status of information security compliance?

Key performance indicators (KPIs)

What is the best risk treatment option to limit the risk exposure to the business when a legacy application cannot be patched?

Implementing a firewall in front of the legacy application

What should be the first action when notified of a new vulnerability affecting key data processing systems?

Re-evaluating the risk

What is the best way to ensure the capability to restore clean data after a ransomware attack?

Maintaining multiple offline backups

What is the primary focus of information security controls according to the text?

Preventing unauthorized access to sensitive information

What is the best approach for managing user access permissions to ensure alignment with data classification?

Reviewing access permissions annually or whenever job responsibilities change

What is the primary reason to monitor key risk indicators (KRIs) related to information security?

To benchmark control performance

What is the best method to evaluate the effectiveness of an alternate processing site when continuous uptime is required?

A parallel test

What is the first step when creating an inventory of systems where personal data is stored for a new data protection program?

Creating an inventory of systems where personal data is stored

What should the information security manager first determine when updating about a security incident to different audiences?

The needs and requirements of each audience

What is the most common legal issue associated with a transborder flow of technology-related items?

Related to encryption tools and personal data

What enhances the likelihood of secure handling of information according to security classification?

Labeling information according to security classification

What should the security manager include in regular metrics to help senior management understand the risk?

Impact of security risks

What is the best basis for determining the allocation of resources during a security incident response?

Impact of the security incident

What is the most effective information security training program based on?

Employees' roles

What is the best approach for an effective information security governance according to the text?

Integration with corporate governance

What should the information security manager focus on when aligning a security awareness program with the organization's business strategy?

People and culture

What is the best action to mitigate the risk of theft of tablets containing critical business data?

Conducting a mobile device risk assessment

What is the strongest justification for granting an exception to the policy of disabling access to USB storage devices?

The benefit is greater than the potential risk

What is the primary goal of the eradication phase in an incident response process?

Removing the threat and restoring affected systems

What should the information security manager primarily focus on when developing an RFP for a new outsourced service?

Defining security requirements for the process being outsourced

What has the greatest influence on the successful implementation of information security strategy goals?

Management support

What is the most effective way to demonstrate alignment of information security strategy with business objectives?

Using a balanced scorecard

What is the primary basis for information security strategy according to the text?

Organization's vision and mission

What should the security manager do when senior management accepts the risk of noncompliance?

Update details in the risk register

What should the security manager do if the organization plans to use social networks for promotion?

Assess security risks

What should the incident response team document during the eradication phase of an incident response process?

Actions required to remove the threat

What should information security be aligned with to optimize security risk management according to the text?

Organization's strategy

What is the GREATEST benefit of information asset classification?

Providing a basis for implementing a need-to-know policy

Before classifying a suspected event as a security incident, what is the MOST important for the security manager to do?

Notify the business process owner

What should the information security manager do to address security risks not being treated in a timely manner?

Re-perform risk analysis at regular intervals

Which provides the BEST assurance that security policies are applied across business operations?

Organizational standards are documented in operational procedures

What should an organization FIRST do when developing a security strategy for a new service?

Perform a gap analysis against the current state

What should an information security manager do FIRST when aligning incident response capability with a public cloud service provider?

Update the incident escalation process

What should an information security manager do prior to conducting a forensic examination?

Create an image of the original data on new media

What is the PRIMARY purpose of creating security policies?

Communicate management's security expectations

What is the BEST method to protect against emerging advanced persistent threat (APT) actors?

Implementing proactive systems monitoring

What is the PRIMARY advantage of performing black-box control tests as opposed to white-box control tests?

They simulate real-world attacks

What is the BEST step to address a lost smartphone containing sensitive information?

Remotely wipe the device

What will result in the MOST accurate controls assessment?

Senior management support

What backup method requires the MOST time to restore data for an application?

Full backup

What should an information security manager do FIRST upon learning of a major emerging threat?

Validate the relevance of the information

What is the PRIMARY purpose of an organization's quality process in supporting security management?

Providing assurance that security requirements are met

What should an organization do to remain operational during a disaster?

Invoke the Business Continuity Plan (BCP)

Who is primarily accountable for the associated task within the organization when a lead security engineer identifies a major security vulnerability at the primary cloud provider?

Chief Information Security Officer (CISO)

What is the most important requirement for a successful security program?

Management decision on asset value

What is the best way to achieve compliance with new global regulations related to protection of personal information?

Determining current and desired state of controls

What is the primary determination by asset classification?

Level of protection required for assets

What is most important for the effective implementation of an information security governance program?

Program goals communicated and understood by the organization

What has the most influence on the inherent risk of an information asset?

Business criticality

What is the most important for the effective implementation of an information security governance program?

Program goals communicated and understood by the organization

What is the most important to ensure when developing escalation procedures for an incident response plan?

Contact list is regularly updated

What is most important for an information security manager to verify when selecting a third-party forensics provider?

Technical capabilities of the provider

What should be information security's response when an employee clicked on a link in a phishing email, triggering a ransomware attack?

Isolate the impacted endpoints

What is the best practice for ensuring integrity of the recovered system after an intrusion has been detected and contained?

Restore the OS, patches, and application from a backup

What is the primary purpose of a post-incident review of an information security incident?

To prevent recurrence and improve incident response

What is the most important factor in increasing the effectiveness of incident responders?

Testing response scenarios to improve preparedness

What is the primary benefit of implementing a vulnerability assessment process?

Enhancing threat management and aiding in proactive risk management

What is the first step when implementing a security program?

Performing a risk analysis to identify security vulnerabilities

What is the best approach to ensure compliance with information security policy for a new application?

Review the security of the application before implementation

What is the best course of action when an organization receives complaints about encrypted files and demands for money?

Isolate the affected systems

What is the most important consideration when establishing an organization's information security governance committee?

Ensuring comprehensive representation from functions across the organization

What is indicated when business needs are met within the stated recovery time objectives (RTOs)?

Effective testing of business continuity and disaster recovery plans

What is the primary objective of a post-incident review of an information security incident?

To prevent recurrence and improve incident response

What is the primary benefit of implementing a vulnerability assessment process?

Enhancing threat management and aiding in proactive risk management

What is the best approach to ensure compliance with information security policy for a new application?

Review the security of the application before implementation

What is the best course of action when an organization receives complaints about encrypted files and demands for money?

Isolate the affected systems

What is the primary responsibility emphasized in the text for an information security manager when responding to a ransomware attack?

Ensure the business can operate

Who should be responsible for calculating Business Impact Analysis (BIA) recovery time and cost estimates according to the text?

The business process owner

What is the best way to determine if an information security profile is aligned with business requirements according to the text?

Review security-related key risk indicators (KRIs)

What is the most important aspect for building a robust information security culture within an organization according to the text?

Senior management approval of information security policies

What is the best position to evaluate business impacts according to the text?

The business process owner

What should a newly hired information security manager tasked with developing and implementing an information security strategy find most useful according to the text?

The organization's mission statement and roadmap

What is the most important consideration when incorporating media communication procedures into the security incident communication plan according to the text?

Include a single point of contact within the organization

What is the primary responsibility of a privileged access management (PAM) system according to the text?

Enable regulatory compliance for employee account privilege removal

What is the most important step before classifying a suspected event as a security incident according to the text?

Notify the business process owner

What is the most important aspect for the information security manager in a rapidly changing environment according to the text?

Ensure periodic review of information security risk acceptance rationale

What is the primary responsibility of the information security manager to enable regulatory compliance for employee account privilege removal according to the text?

Implement a privileged access management (PAM) system

What is most helpful in determining the criticality of an organization's business functions according to the text?

Business impact analysis (BIA)

What is the BEST way for an information security manager to ensure compliance with industry standards by a service provider?

An independent review report indicating compliance with industry standards

What is the PRIMARY role of an information security manager in a software development project?

To enhance awareness for secure software design

What is an information security manager's PRIMARY challenge when deploying a bring your own device (BYOD) mobile program in an enterprise?

Inconsistent device security

When collecting admissible evidence, what is the MOST important requirement?

Chain of custody

What is the BEST course of action if the business activity residual risk is lower than the acceptable risk level?

Monitor the effectiveness of controls

Which of the following is the PRIMARY benefit of an information security awareness training program?

Influencing human behavior

What is the MOST important detail to capture in an organization's risk register?

Risk ownership

Which of the following is the MOST critical factor for information security program success?

The information security manager's knowledge of the business

Which of the following is the BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?

Assess the risk to the organization

What is the PRIMARY advantage of single sign-on (SSO)?

Increase efficiency of access management

Which of the following will ensure confidentiality of content when accessing an email system over the Internet?

Digital encryption

Reevaluation of risk is MOST critical when there is:

A change in the threat landscape

Which of the following should be the MOST important consideration of business continuity management?

Ensuring human safety

What is the PRIMARY advantage of performing black-box control tests as opposed to white-box control tests?

Simulating the perspective of an external attacker

Which of the following is the MOST important detail to capture in an organization's risk register?

Risk ownership

Which of the following is the BEST course of action to prevent further damage when an information security manager has been notified about a compromised endpoint device?

Isolate the endpoint device

What is the primary focus when developing a business case for a new intrusion detection system?

Defining the issues to be addressed

What is the best method to ensure compliance with password standards?

Automated enforcement of password syntax rules

What is the most important aspect to ensuring information stored by an organization is protected appropriately?

Assigning information asset ownership

What is the best way to ensure organizational support for the implementation of security controls?

Establishing effective stakeholder relationships

What is the best justification for making a revision to a password policy?

A risk assessment

What is the primary focus of the information security manager when a risk owner accepts a large amount of risk due to high cost of controls?

Establishing a strong ongoing risk monitoring process

What is the first consideration when moving to a cloud-based model?

Data classification

What greatly reduces security administration efforts?

Role-based access control

What is the best method to ensure compliance with password standards?

Automated enforcement of password syntax rules

What is the best way to ensure organizational support for the implementation of security controls?

Establishing effective stakeholder relationships

What is the best justification for making a revision to a password policy?

A risk assessment

What is the primary focus of the information security manager when a risk owner accepts a large amount of risk due to high cost of controls?

Establishing a strong ongoing risk monitoring process

What is the primary focus of the text's multiple-choice questions related to information security management?

Addressing security challenges within an organization

What does the text emphasize about the preparation of incident response teams?

Highlighting the need for diverse skill sets and effective communication

What is highlighted as essential for managing information security incidents, change management, and disaster recovery?

Proper management and effective recovery planning

What is the main purpose of senior management review and approval of an information security strategic plan?

To demonstrate commitment to security

What is the primary benefit of aligning information security governance with corporate governance?

Enhancing overall organizational governance

What does the text stress the importance of in protecting data and establishing effective incident management procedures and policies?

Proactive protection and effective incident management

What is the best approach for an effective information security training program?

Tailoring training to specific job roles and including real-life examples

What is the primary responsibility emphasized in the questions for an information security manager when implementing company-owned mobile devices?

Ensuring proper security measures for company-owned mobile devices

What is the most important aspect of developing a categorization method for security incidents?

Ensuring clear and effective incident classification

What is the primary benefit of maintaining an information security governance framework?

Enhancing overall organizational governance

What is the best technical defense against unauthorized access through social engineering?

Implementing robust access controls

What is the primary benefit of implementing a vulnerability assessment process?

Enhancing overall organizational security

What is the best approach for creating a security policy for a global organization subject to varying laws and regulations?

Establish baseline standards for all locations and add supplemental standards as required

What is the primary focus of information security governance?

Integrating information security into corporate governance

What is the best way to facilitate staff acceptance of information security policies?

Strong senior management support

What is the most critical for information security governance, in addition to executive sponsorship and business alignment?

Ownership of security

What is the best way to ensure appropriate security controls are built into software?

Integrating security throughout the development process

What is the best containment strategy for a distributed denial of service (DDoS) attack?

Redirect the attacker's traffic

What should be included in a business case when the return on investment (ROI) for an information security initiative is difficult to calculate?

The estimated reduction in risk

What is the best way to reduce risk from increasing cyberattacks for a financial company?

Revalidate and mitigate risks to an acceptable level

What is the most effective way to demonstrate alignment of information security strategy with business objectives?

Integrating information security into corporate governance

What will an email digital signature verify to the recipient?

The integrity of an email message

What is the best way to ensure the capability to restore clean data after a ransomware attack?

Regularly backing up data and testing the restoration process

What is the primary benefit of aligning information security governance with corporate governance?

Ensuring that security initiatives support business objectives

What is the BEST approach for an information security manager to take if a soon-to-be deployed online application will increase risk beyond acceptable levels?

Present a business case for additional controls to senior management

What would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Management's business goals and objectives

What should be the information security manager's FIRST step in addressing an issue where an IT employee made a change to a firewall rule outside of the change control process?

Review the change management process

How are the relationships between critical systems BEST understood?

Performing a business impact analysis (BIA)

What is the primary focus of information security governance?

Ensuring that information security strategies align with business objectives

What is the most important aspect of developing a categorization method for security incidents?

Assessing the severity of the security incidents

What is the best way to ensure organizational support for the implementation of security controls?

Aligning security controls with business objectives

What is the primary objective of a post-incident review of an information security incident?

Identifying opportunities for improvement in incident response

What is the best way to demonstrate alignment of information security strategy with business objectives?

Quantifying the impact of the security strategy on organizational goals

What is the primary benefit of aligning information security governance with corporate governance?

Ensuring compliance with legal and regulatory requirements

What is the primary responsibility emphasized in the questions for an information security manager when implementing company-owned mobile devices?

Managing the risks associated with mobile device usage

What is the best technical defense against unauthorized access through social engineering?

Multi-factor authentication

What is the primary focus when developing a business case for a new intrusion detection system?

Quantifying the benefits in reducing security risks

What is the best way to ensure the capability to restore clean data after a ransomware attack?

Maintaining offline backups of critical data

What is the most effective way to prevent information security incidents?

Conducting regular security awareness training for employees

What is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense?

Validating the current firewall rule set

What is the most important factor of a successful information security program?

Risk management

What is the primary benefit of involving end users in continuity planning?

Better understanding of specific business needs

What is the first step when a mandatory security standard hinders the achievement of an identified business objective?

Escalating to senior management

What is the most important aspect for the information security manager in a rapidly changing environment?

Aligning with industry best practices

What is the best method to ensure compliance with password standards?

Aligning with industry best practices

What is the primary focus of information security governance?

Meeting the needs of the business

What is the most effective way to demonstrate alignment of information security strategy with business objectives?

Aligning with industry best practices

What is the most important aspect to ensuring information stored by an organization is protected appropriately?

Risk management

What is the best approach for managing user access permissions to ensure alignment with data classification?

Risk management

What should be the primary basis for a severity hierarchy for information security incident classification?

Risk management

What is the best containment strategy for a distributed denial of service (DDoS) attack?

Risk management

Study Notes

Information Security Management Summary

• The purpose of the text is to provide information on various scenarios and questions related to information security management.
• The scenarios and questions cover topics such as risk assessment, incident response, change management, security awareness, disaster recovery, and data protection.
• The text includes multiple-choice questions and answers related to information security management practices.
• It emphasizes the importance of involving key stakeholders in risk assessment, incident response planning, and security governance.
• It highlights the need for clear documentation, communication, and coordination in managing information security incidents, change management, and disaster recovery.
• It underscores the significance of aligning security with business goals, conducting business impact analysis, and integrating information security governance into corporate governance.
• It stresses the importance of prioritizing recovery of services, protecting data, and establishing effective incident management procedures and policies.
• The text emphasizes the need for senior leadership involvement in evaluating security metrics, incident response tests, and reported security incidents to understand an organization's security posture.

Information Security Manager's Next Steps

• Information security manager should define control requirements to support incident response effectiveness.
• An effective information security training program should be based on employees' roles for maximum impact.
• Post-incident review is the best process to evaluate incident response effectiveness.
• Integrating security activities within the development process is the best option to lower the cost of implementing application security controls.
• The primary responsibility of an information security manager is to review and update existing security policies when implementing company-owned mobile devices.
• The return on information security investment is the best metric to measure the effectiveness of an organization's information security program.
• To promote the relevance and contribution of security, it is important for an information security manager to overcome the perception that security is a hindrance to business activities.
• Defined security standards are most helpful for protecting an enterprise from advanced persistent threats (APTs).
• The information security manager's decision on the best controls to mitigate risk should be mainly driven by regulatory requirements.
• Defined levels of severity best determine the allocation of resources during a security incident response.
• Conducting a business impact analysis (BIA) is the first step an information security manager should take when creating an organization's disaster recovery plan (DRP).
• The first step to establishing an effective information security program is to create a business case.

Information Security Management Summary

• Incident response plan development should primarily consider compliance with regulations.
• Following the identification of a malware incident, recovery must happen immediately.
• Introducing a single point of administration in network monitoring promotes efficiency in control of the environment.
• Ensuring a new server is appropriately secured is most effectively done by enforcing technical security standards.
• Creating and externally storing the disk hash value during forensic data acquisition from a hard disk primarily validates the integrity during analysis.
• In a successful recovery from a malware attack, instances of the malware continuing to be discovered indicate an unsuccessful eradication phase in incident response.
• When a cloud application used by an organization is found to have a serious vulnerability, the best course of action is to report the situation to the business owner of the application.
• An increase in the identification rate during phishing simulations is the best indication of an effective information security awareness training program.
• Process owners' input is of greatest importance in the development of an information security strategy.
• The best way to monitor for advanced persistent threats (APT) in an organization is to search for anomalies in the environment.
• When determining asset valuation, the most important consideration is the potential business loss.
• The first step in developing an information security strategy should be to perform a gap analysis based on the current state.
• An information security manager's most important consideration when developing a multi-year plan should be ensuring alignment with the plans of other business units.

Information Security Management Summary

• Effective information security program requires senior management support
• Incident notification process can be evaluated using elapsed time between detection, reporting, and response
• Security information and event management (SIEM) system's greatest value is in facilitating the monitoring of risk occurrences
• Best technical defense against unauthorized access through social engineering is requiring multi-factor authentication
• Primary objective of performing a post-incident review is to identify the root cause
• Useful information for planning compliance action plan includes results from a gap analysis
• Best evidence of alignment between corporate and information security governance is senior management sponsorship
• Concern for a multinational organization's CISO is developing a security program that meets global and regional requirements
• Best reason to conduct social engineering in a call center is to identify candidates for additional security training
• Information security manager's best course of action in response to users sharing a login account in violation of access policy is to present the risk to senior management
• Security policy must be defined for an information security manager to evaluate the appropriateness of controls currently in place
• Greatest concern from a penetration test showing vulnerabilities in an organization's external web application is exploit code for one of the vulnerabilities being publicly available

Information Security Management Summary

• Organization plans to use social networks for promotion, security manager's best course of action is to assess security risks.
• Primary basis for information security strategy should be the organization's vision and mission.
• When senior management accepts risk of noncompliance, the information security manager should update details in the risk register.
• To align a security awareness program with the organization's business strategy, the most important consideration is people and culture.
• To mitigate the risk of theft of tablets containing critical business data, the best action is to conduct a mobile device risk assessment.
• Information security should be aligned with the organization's strategy to optimize security risk management.
• To demonstrate alignment of information security strategy with business objectives, the most effective way is to use a balanced scorecard.
• Strongest justification for granting an exception to the policy of disabling access to USB storage devices is that the benefit is greater than the potential risk.
• Incident response team should document actions required to remove the threat during the eradication phase.
• The primary goal of the eradication phase in an incident response process is to remove the threat and restore affected systems.
• Information security manager developing an RFP for a new outsourced service should focus primarily on defining security requirements for the process being outsourced.
• Management support has the greatest influence on the successful implementation of information security strategy goals.

Information Security Management Questions and Answers

• Lead security engineer identifies major security vulnerability at primary cloud provider
• Who is primarily accountable for the associated task within the organization: data owner
• Most important requirement for a successful security program: management decision on asset value
• Best way to achieve compliance with new global regulations related to protection of personal information: determine current and desired state of controls
• Primary determination by asset classification: level of protection required for assets
• Most important for the effective implementation of an information security governance program: program goals communicated and understood by the organization
• Most influence on the inherent risk of an information asset: business criticality
• Critical server for a hospital encrypted by ransomware; most effective solution to avoid paying the ransom: properly tested offline backup system
• Most important to ensure when developing escalation procedures for an incident response plan: contact list is regularly updated
• Most important for an information security manager to verify when selecting a third-party forensics provider: technical capabilities of the provider
• Employee clicked on a link in a phishing email, triggering a ransomware attack; information security's response: isolate the impacted endpoints
• Intrusion detected and contained; best practice for ensuring integrity of the recovered system: restore the OS, patches, and application from a backup

Information Security Management Exam Prep

• Incident management process for attacks on an organization's supply chain can be supported by establishing communication paths with vendors
• The best position to evaluate business impacts is held by the process manager
• Before classifying a suspected event as a security incident, it is most important for the security manager to notify the business process owner
• In a rapidly changing environment, the information security manager must ensure that the rationale for acceptance of information security risk is periodically reviewed
• Business impact analysis (BIA) recovery time and cost estimates should be calculated by the business process owner
• The organization's mission statement and roadmap would be most useful to a newly hired information security manager tasked with developing and implementing an information security strategy
• To enable regulatory compliance for employee account privilege removal, a privileged access management (PAM) system would be best
• When incorporating media communication procedures into the security incident communication plan, it is most important to include a single point of contact within the organization
• Business impact analysis (BIA) is most helpful in determining the criticality of an organization's business functions
• The best way to determine if an information security profile is aligned with business requirements is to review security-related key risk indicators (KRIs)
• The most important aspect for building a robust information security culture within an organization is senior management approval of information security policies
• The primary consideration when responding to a ransomware attack should be to ensure the business can operate

Information Security Practice Questions Summary

• The principle of least privilege primarily requires the identification of job duties.
• The best approach for creating a security policy for a global organization subject to varying laws and regulations is to establish baseline standards for all locations and add supplemental standards as required.
• To reduce risk from increasing cyberattacks, a financial company should revalidate and mitigate risks to an acceptable level.
• Effective information security governance is indicated by integrating information security into corporate governance.
• Strong senior management support is the best way to facilitate staff acceptance of information security policies.
• Simulating realistic test scenarios best facilitates effective incident response testing.
• A viable containment strategy for a distributed denial of service (DDoS) attack is to redirect the attacker's traffic.
• When the return on investment (ROI) for an information security initiative is difficult to calculate, the best thing to include in a business case is the estimated reduction in risk.
• Integrating security throughout the development process is the best way to ensure appropriate security controls are built into software.
• Ownership of security is the most critical for information security governance, in addition to executive sponsorship and business alignment.
• When investigating an information security incident, details of the incident should be shared only as needed.
• An email digital signature will verify to the recipient the integrity of an email message.

Information Security Manager Practice Questions

• Policies are updated annually and aligned with industry best practices
• Senior management supports the policies
• Violation of a policy prohibiting the use of cameras at the office due to smartphones and tablet computers with enabled web cameras
• Concerns about conflicting access rights during the integration of a new company
• Deficiencies in the incident response plan observed during a high-profile security incident
• Independent penetration test results show a high-rated vulnerability in a cloud-based application
• Importance of information security governance in meeting the needs of the business
• Validation of the current firewall rule set is the best method for determining whether a firewall has been configured to provide a comprehensive perimeter defense
• Risk management is the most important factor of a successful information security program
• Necessity to quickly shift to a work-from-home model with an increased need for remote access security
• Escalating to senior management is the first step when a mandatory security standard hinders the achievement of an identified business objective
• Involving end users in continuity planning is advantageous due to their better understanding of specific business needs

Description

Test your knowledge of information security management with this quiz covering risk assessment, incident response, change management, security awareness, disaster recovery, and data protection. Challenge yourself with multiple-choice questions and gain insights into involving key stakeholders, documentation, communication, and aligning security with business goals.