Certified Information Security Manager

Currently seeing questions 1 - 5 out of 1398
Currently on page 1 out of 280

Question 1Topic 1

An information security risk analysis BEST assists an organization in ensuring that:

A. the infrastructure has the appropriate level of access control.

B. cost-effective decisions are made with regard to which assets need protection

C. an appropriate level of funding is applied to security processes.

D. the organization implements appropriate security technologies

Question 2Topic 1

In a multinational organization, local security regulations should be implemented over global security policy because:

A. business objectives are defined by local business unit managers.

B. deploying awareness of local regulations is more practical than of global policy.

C. global security policies include unnecessary controls for local businesses.

D. requirements of local regulations take precedence.

Question 3Topic 1

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization's information security controls, an information security manager should FIRST:

A. conduct a cost-benefit analysis.

B. conduct a risk assessment.

C. interview senior management.

D. perform a gap analysis.

Question 4Topic 1

When management changes the enterprise business strategy, which of the following processes should be used to evaluate the existing information security controls as well as to select new information security controls?

A. Access control management

B. Change management

C. Configuration management

D. Risk management

Question 5Topic 1

Which of the following is the BEST way to build a risk-aware culture?

A. Periodically change risk awareness messages.

B. Ensure that threats are communicated organization-wide in a timely manner.

C. Periodically test compliance with security controls and post results.

D. Establish incentives and a channel for staff to report risks.