CISM Domain 1 Questions Set-2: INFORMATION SECURITY GOVERNANCE

11. What is the purpose of security governance in an organization?

a) To establish technical controls for information security.

b) To align the organization's security program with the needs of the business.

c) To enforce strict policies and procedures for employee compliance.

d) To promote collaboration between IT and security teams.

 

12. How are priorities in the security program determined?

a) By following industry best practices.

b) Based on the organization's budget allocation for security.

c) Through regular employee training and awareness programs.

d) Priorities should flow directly from the organization's mission, objectives, and goals.

 

13. What are standards in the context of security governance?

a) Guidelines for developing security policies.

b) Frameworks for risk assessment and management.

c) Best practices for incident response and recovery.

d) Standards help to drive a consistent and secure approach to solving business challenges.

 

14. What are controls in the context of security governance?

a) Monitoring tools for detecting security incidents.

b) Security policies and procedures.

c) Techniques for securing network infrastructure.

d) Controls are formal descriptions of critical activities to ensure desired outcomes.

 

15. How should security governance be practiced in an organization?

a) As a standalone process separate from IT and corporate governance.

b) By solely focusing on technical aspects of information security.

c) By involving only the IT department in decision-making.

d) Security governance should be practiced in a manner similar to IT governance and corporate governance.

 

16. What is the purpose of risk assessments in an effective security governance program?

a) To identify cybersecurity tools and technologies.

b) To allocate resources for incident response procedures.

c) To identify risks in information systems and supported processes.

d) To improve compliance with laws and regulations.

 

17. What is the purpose of incident response procedures in security governance?

a) To identify potential business events such as mergers or acquisitions.

b) To allocate resources for business continuity and disaster recovery planning.

c) To improve compliance with laws, regulations, and standards.

d) To improve response to incidents and minimize their impact on the organization.

 

18. What is the purpose of metrics in security governance?

a) To identify recent business results and changes to the business.

b) To measure key security events such as policy changes and violations.

c) To allocate resources for business continuity and disaster recovery plans.

d) To improve strategic decisions in the IT organization.

 

19. What is the purpose of resource management in security governance?

a) To identify risks in information systems and supported processes.

b) To allocate manpower, budget, and other resources to meet security objectives.

c) To improve response to incidents and minimize their impact on the organization.

d) To improve strategic decisions in the IT organization.

 

20. How are scripted interactions among key business and IT executives used in security governance?

a) To measure key security events and incidents.

b) To allocate resources for business continuity and disaster recovery plans.

c) To identify recent business results and changes to the business.

d) To discuss the impact of regulatory changes, alignment with business objectives, and recent audits.
