Isaca CISM Quiz 174 Topic 6 Questions 866-870

Question: 1

Risk reporting requirements should be PRIMARILY based on:

Apolicies approved by information security.

Bthe criticality of assets.

Ccriteria approved by management,

Devents defined by information security.

Show Answer

Question: 2

The BEST way to minimize errors in the response to an incident is to:

Aanalyze the situation during the incident.

Breference system administration manuals.

Cimplement vendor recommendations.

Dfollow standard operating procedures.

Show Answer

Question: 3

In an organization where IT is critical to its business strategy and where there is a high level of operational dependence on IT, senior management commitment to security is BEST demonstrated by the:

Asegregation of duties policy

Bexistence of an IT steering committee.

Csize of the IT security function,

Dreporting The of the chief information security officer (CISO)

Show Answer

Question: 4

An information security manager has implemented an ongoing security awareness training program. Employee participation has been decreasing over the year, while the number of malware and phishing incidents from email has been increasing. What is the information security manager's BEST course of action?

AInclude regular phishing campaigns after each training session.

BMake the training program mandatory and enforce sanctions for noncompliance.

CPerform a risk assessment and share results with employees.

DReport the findings to senior management with recommendations.

Show Answer

Question: 5

A risk profile supports effective security decisions PRIMARILY because it:

Aidentifies priorities for risk reduction.

Bdescribes security threats.

Cenables comparison with industry best practices.

Ddefines how to best mitigate future risks.

Show Answer

Isaca CISM Quiz:174 Topic:6 Questions:866-870