New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free CISM Isaca Updates

Page: 49 / 59
Total 793 questions

Certified Information Security Manager Questions and Answers

Question 193

When choosing the best controls to mitigate risk to acceptable levels, the information security manager's decision should be MAINLY driven by:

Options:

A.

best practices.

B.

control framework

C.

regulatory requirements.

D.

cost-benefit analysis,

Question 194

Which of the following is the BEST way to help ensure an organization's risk appetite will be considered as part of the risk treatment process?

Options:

A.

Establish key risk indicators (KRIs).

B.

Use quantitative risk assessment methods.

C.

Provide regular reporting on risk treatment to senior management

D.

Require steering committee approval of risk treatment plans.

Question 195

Which of the following is the BEST indicator of an organization's information security status?

Options:

A.

Intrusion detection log analysis

B.

Controls audit

C.

Threat analysis

D.

Penetration test

Question 196

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Options:

A.

Effective security eliminates risk to the business.

B.

Adopt a recognized framework with metrics.

C.

Security is a business product and not a process.

D.

Security supports and protects the business.

Page: 49 / 59
Total 793 questions