Isaca CISM Quiz 307 Topic 5 Questions 1531-1535

Question: 1

Which of the following is MOST important to determine before developing information security program metrics?

AWho will use the metrics

BHow performance will be reported

CWho will own the metrics

DHow the data will be collected

Show Answer

Question: 2

For event logs to be acceptable for incident investigation, which of the following is MOST important to implement on all systems to

establish a proper trail of evidence?

ASource confidentiality

BEvent data integrity

CTime synchronization

DAccess to the logs

Show Answer

Question: 3

Which of the following is the MOST important factor to be considered when reviewing an information security strategy?

AFrequency of security incidents

BBenchmarking to industry peers

CEvolving business goals

DUnmitigated risk

Show Answer

Question: 4

A regulatory compliance issue has been identified in a critical business application, but remediating the issue would significantly impact

business operations. What information would BEST enable senior management to make an informed decision?

AIndustry benchmarks and best practices

BCosts associated with compensating controls

CRisk assessment results and recommendations

DImpact analysis and treatment option

Show Answer

Question: 5

Management has expressed concern that they are not kept fully informed of key information security risks associated with the organization.

Which of the following should be done FIRST to address this concern?

ADetermine the desired metrics and develop a reporting schedule.

BProvide a report on information security industry trends and benchmarks.

CPrepare a presentation on information security initiatives for management

DDevelop an ongoing risk and security awareness training program for management.

Show Answer

Isaca CISM Quiz:307 Topic:5 Questions:1531-1535