Study guides, Class notes & Summaries

CISM (Certified Information Security manager) – Questions and answers, graded A+ Characteristics of a good information security risk management plan - -1. Should be linked to business objectives 2. Should incorporate existing risk management practices Steps that IS manager should follow to plan a risk management program? - -1. Establish program context and purpose 2. developing a program scope statement and charter 3. identify and classify information assets and determine asset o...

CISM Exam Review Questions and answers, graded A+ SDO Time taken to resume ACCEPTABLE OPERATIONS. Agreed-on level of service required to resume acceptable operations. Reflects a commitment to internal customers to meet certain performance standards. Note that the primary focus of incident response is to ensure that business-defined service delivery objectives are met. A prior determination of acceptable levels of operation in the event of an outage is the SDO. The SDO may be set at l...

CISM Exam Review Questions and answers, rated A+ How much security is enough? - -Just enough What is the role of the security professional? - -Advise, not decide, on security matters for the organization Define confidentiality - -Prevent unauthorized disclosure of data (privacy, security) Define integrity - -Prevent/detect unauthorized modification of data Define availability - -Ensure timely access to resources What is the opposite of confidentiality? - -Disclosure of data What is th...

ISACA CISM Certification Sample Questions & answers, graded A+ 01. IT-related risk management activities are MOST effective when they are: a) treated as a distinct process b) conducted by the IT department c) communicated to all employees d) integrated within business processes - -Answer: d) integrated within business processes 02. A risk assessment and business impact analysis (BIA) have been completed for a major proposed purchase and new process for an organization. There is disag...

CISM Prep Questions & Answers, graded A+, verified/ Organization's senior mgt is encouraging employees to use social media. Which of the following should be the information security mgr's 1st step to support this strategy - -Incorporate social media into the security awareness program. Which of the following is the MOST effective way for an information security manager to ensure that security is being incorporated into fundamental processes - -Integrate organization's security req...

CISM Exam Review Questions and answers, graded A+ An organization has a process whereby security-related hazards are identified, followed by analysis and decisions about what to do about these hazards. What kind of a business process is this? - -Risk Management An organization has a process whereby security-related hazards are identified, followed by analysis and decisions about what to do about these hazards. What kind of a business process is this? - -Risk Management What is the p...

CISM Exam Review Questions and answers, rated A+ financial accounting - -the process of providing financial information to external decision makers a. income statement b. federal income tax return c. balance sheet d. statement of cash flows - - financial statements generally include all of the following except: a. about a firm's financing and investing activities b. about a firm's management team c. about a firm's product lines d. that is useful in decision making - -the primary obje...

CISM Exam Questions and answers, graded A+, VERIFIED/ ____________________ ______________________ will define the approach to achieving the security program outcomes management wants. It should also be a statement of how security aligns with and supports business objectives. It proved the basis for good security governance. - -Security strategy A security strategy is important for an enterprise primarily because it: - -provides the approach to achieving the outcomes management wants T...

CISM Exam Review Questions and answers, rated A+ How much security is enough? - -Just enough What is the role of the security professional? - -Advise, not decide, on security matters for the organization Define confidentiality - -Prevent unauthorized disclosure of data (privacy, security) Define integrity - -Prevent/detect unauthorized modification of data Define availability - -Ensure timely access to resources What is the opposite of confidentiality? - -Disclosure of data What is th...

CISM EXAM PREP 2024 QUESTIONS CORRECTLY ANSWERED!!