Isaca CISM Quiz 132 Topic 4 Questions 656-660

Question: 1

There are concerns that security events are not reported to management in a timely manner. To address this situation which of the following is MOST important to review?

AKey risk indicators (KRls)

BThe security event log

CControl ownership

DThe incident response plan

Show Answer

Question: 2

Which of the following is the MOST effective way to communicate information security risk to senior management?

AKey performance indicators (KPIs)

BHeat map

CBalanced scorecard

DBusiness impact analysis (BIA)

Show Answer

Question: 3

An information security manager has identified multiple areas of compliance risk that could subject the organization to significant penalties regarding the handling of personal dat

a. Which of the following is the manager s BEST course of action?

AImmediately update the information security policy to address protection of personal data

BImplement information masking controls to hide personal data

CPrioritize the risk and present it to senior management.

DSeek human resources advice to make appropriate changes to the information security policy.

Show Answer

Question: 4

Which of the following would BEST detect malicious damage arising from an internal threat?

AFraud awareness training

BJob rotation

CAccess control list

DEncryption

Show Answer

Question: 5

After assessing risk, the decision to treat the risk should be based PRIMARILY on:

Awhether the level of risk exceeds risk appetite.

Bthe criticality of the risk.

Cwhether the level of risk exceeds inherent risk.

Davailability of financial resources.

Show Answer

Isaca CISM Quiz:132 Topic:4 Questions:656-660