CISM Questions Bank

Page: 35 / 59
Total 793 questions

Certified Information Security Manager Questions and Answers

Question 137

Which of the following is a PRIMARY responsibility of the information security governance function?

Options:

A.

Administering information security awareness training

B.

Defining security strategies to support organizational programs

C.

Ensuring adequate support for solutions using emerging technologies

D.

Advising senior management on optimal levels of risk appetite and tolerance

Question 138

To help ensure that an information security training program is MOST effective, its contents should be:

Options:

A.

based on recent incidents.

B.

based on employees’ roles.

C.

aligned to business processes.

D.

focused on information security policy.

Question 139

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

Options:

A.

Conduct a threat analysis.

B.

Implement an information security awareness training program.

C.

Establish an audit committee.

D.

Create an information security steering committee.

Question 140

When implementing a security policy for an organization handling personally identifiable information (PII), the MOST important objective should be:

Options:

A.

strong encryption.

B.

regulatory compliance.

C.

data availability.

D.

security awareness training.
