Isaca CISM Quiz 10 Topic 5 Questions 46-50

Question: 1

An organization that has outsourced its incident management capabilities just discovered a of the following is the MOST important action of the information security manager?

AFollow the outsourcer's response plan.

BNotify the outsourcer of the privacy breach.

CRefer to the organization's response plan.

DAlert the appropriate law enforcement authorities.

Show Answer

Question: 2

Which of the following would be MOST effective in changing the security culture and behavior of staff?

AAuditing compliance with the information security policy

BPromoting the information security mission within the enterprise

CEnforcing strict technical information security controls

DDeveloping procedures to enforce the information security policy

Show Answer

Question: 3

Which of the following BEST demonstrates the added value of an information security program?

AA SWOT analysis

BA gap analysis

CSecurity baselines

DA balanced scorecard

Show Answer

Question: 4

A multinational organization is required to follow governmental regulations with different security requirements at each of its operating locations. The chief information security officer (CISO) should be MOST concerned with:

Ausing industry best practice to meet local legal regulatory requirements.

Bdeveloping a security program that meets global and regional requirements.

Cmonitoring compliance with defined security policies and standards.

Densuring effective communication with local regulatory bodies.

Show Answer

Question: 5

Which of the following is MOST important to include in a report of an organization's information security risk?

AResidual risk

BMitigated risk

CInherent risk

DControl risk

Show Answer

Isaca CISM Quiz:10 Topic:5 Questions:46-50