Free CISM Isaca Updates

Certified Information Security Manager Questions and Answers

Question 193

Before approving the implementation of a new security solution, senior management requires a business case. Which of the following would BEST support the justification for investment?

Options:

The solution contributes to business strategy.

The solution improves business risk tolerance levels.

The solution improves business resiliency.

The solution reduces the cost of noncompliance with regulations.

Answer:

Explanation:

The best way to support the justification for investment in a new security solution is to show how the solution contributes to the business strategy of the organization. The business strategy defines the vision, mission, goals, and objectives of the organization, and the security solution should align with and support them. The security solution should also demonstrate how it adds value to the organization, such as by enabling new business opportunities, enhancing customer satisfaction, or increasing competitive advantage. The business case should include the expected benefits, costs, risks, and alternatives of the security solution, and provide a clear rationale for choosing the preferred option1.

References = CISM Review Manual, 16th Edition eBook2, Chapter 1: Information Security Governance, Section: Information Security Strategy, Subsection: Business Case Development, Page 33.

Question 194

Which of the following should an information security manager do FIRST to address the risk associated with a new third-party cloud application that will not meet organizational security requirements?

Options:

Include security requirements in the contract.

Update the risk register.

Consult with the business owner.

Restrict application network access temporarily.

Answer:

Explanation:

Consulting with the business owner is the FIRST course of action that the information security manager should take to address the risk associated with a new third-party cloud application that will not meet organizational security requirements, because it helps to understand the business needs and expectations for using the application, and to communicate the security risks and implications. The information security manager and the business owner should work together to evaluate the trade-offs between the benefits and the risks of the application, and to determine the best course of action, such as modifying the requirements, finding an alternative solution, or accepting the risk.

References =

CISM Review Manual, 16th Edition, ISACA, 2020, p. 41: “The information security manager should consult with the business owners to understand their needs and expectations for using third-party services, and to communicate the security risks and implications.”

CISM Review Manual, 16th Edition, ISACA, 2020, p. 42: “The information security manager and the business owners should collaborate to evaluate the trade-offs between the benefits and the risks of using third-party services, and to determine the best course of action, such as modifying the requirements, finding an alternative solution, or accepting the risk.”

Best Practices to Manage Risks in the Cloud - ISACA: “The information security manager should work with the business owner to define the security requirements for the cloud service, such as data protection, access control, incident response, and compliance.”

Question 195

Which of the following risk responses is an example of risk transfer?

Options:

Utilizing third-party applications

Purchasing cybersecurity insurance

Moving risk ownership to another department

Conducting off-site backups

Answer:

Explanation:

Risk transfer involves shifting the impact or financial consequences of a risk to a third party. Purchasing cybersecurity insurance is the most common example, where the organization pays a premium to a provider who assumes certain financial responsibilities in the event of a security incident.

Other options listed do not transfer risk:

A. Using third-party applications may introduce new risks, not transfer existing ones.

C. Moving ownership within the organization is reassignment, not transfer.

D. Off-site backups are a form of risk mitigation, not transfer.

“Risk transfer shifts the financial consequences of a risk to another entity, typically through insurance or contractual arrangements.”

— CISM Review Manual 15th Edition, Chapter 2: Risk Management, Section: Risk Treatment Options*

Example: “An organization may transfer the financial impact of a potential data breach through the purchase of cyber insurance.”

Question 196

Which of the following BEST demonstrates that an anti-phishing campaign is effective?

Options:

Improved staff attendance in awareness sessions

Decreased number of phishing emails received

Improved feedback on the anti-phishing campaign

Decreased number of incidents that have occurred

Answer:

Explanation:

The ultimate goal of an anti-phishing campaign is to reduce the risk and impact of phishing attacks on the organization. Therefore, the most relevant and reliable indicator of the effectiveness of an anti-phishing campaign is the decreased number of incidents that have occurred as a result of phishing. This metric shows how well the employees have learned to recognize and report phishing emails, and how well the security controls have prevented or mitigated the damage caused by phishing.

References = Five Ways to Achieve a Successful Anti-Phishing Campaign; Don’t click: towards an effective anti-phishing training. A comparative literature review; CISA, NSA, FBI, MS-ISAC Publish Guide on Preventing Phishing Intrusions

Isaca Certification CISM Release Date
All CISM Test Inside Isaca Questions
Last Attempt CISM Questions
Ace Your CISM Isaca Certification Exam
Free Access Isaca CISM New Release
CISM Premium Exam Questions
Helping Hand Questions for CISM
Passed Exam Today CISM
Selected CISM Isaca Certification Questions Answers
Legit CISM Exam Download
Exactprep CISM Questions
New Release CISM Isaca Certification Questions
Isaca CISM Actual Questions
Changed CISM Exam Questions
Isaca Certification CISM Book
Isaca CISM Based on Real Exam Environment
Isaca Certification CISM Full Course Free
CISM Reviews Questions
Full Access Isaca CISM Tutorials
Download Full Version CISM Isaca Exam
CISM Leak Questions
Isaca CISM Questions Answers
Free CISM Questions Attempt
CISM VCE Exam Download
CISM Isaca Exam Lab Questions
Sure Pass Exam CISM PDF
Isaca CISM Online Access
Online CISM Questions Video
Isaca Certification Changed CISM Questions
CISM Exam Questions Tutorials
Isaca Certification CISM Exam Dumps
Isaca Certification CISM Reddit Questions
PDF CISM Study Guide
CISM Questions Bank
Download Latest CISM Questions
Pearson CISM New Attempt
Pass Using CISM Exam Dumps
Isaca Certification CISM Dumps PDF
Isaca Certification CISM Syllabus Exam Questions Answers
Isaca Certification CISM Exam Questions and Answers PDF
CISM Exam Results
Complete CISM Isaca Materials
Isaca Certification CISM Updated Exam
Pass CISM Exam Guide
Newly Released Isaca CISM Exam PDF
Isaca Isaca Certification CISM New Questions
Isaca Certification CISM Isaca Study Notes
Free CISM Isaca Updates
Isaca Certification CISM Passing Score
Vce CISM Questions Latest
Get More Isaca Exams Free Access

Weekend Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Certified Information Security Manager Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce