Isaca CISM - Certified Information Security Manager
A balanced scorecard MOST effectively enables information security:
Which of the following is the PRIMARY reason that an information security manager should restrict the use of generic administrator accounts in a multi-user environment?
Which of the following is the BEST way to determine the gap between the present and desired state of an information security program?
Which of the following is PRIMARILY determined by asset classification?
Which of the following is the MOST important criterion when deciding whether to accept residual risk?
An organization is in the process of acquiring a new company. Which of the following would be the BEST approach to determine how to protect newly acquired data assets prior to integration?
Which of the following BEST supports the incident management process for attacks on an organization's supply chain?
Senior management recently approved a mobile access policy that conflicts with industry best practices. Which of the following is the information security manager's BEST course of action when developing security standards for mobile access to the organization's network?
Which of the following is the MOST important reason to conduct interviews as part of the business impact analysis (BIA) process?
Which of the following is the FIRST step when conducting a post-incident review?
Senior management has just accepted the risk of noncompliance with a new regulation. What should the information security manager do NEXT?
Which of the following BEST enables an incident response team to determine appropriate actions during an initial investigation?
What is the PRIMARY objective of performing a vulnerability assessment following a business system update?
An organization implemented a number of technical and administrative controls to mitigate risk associated with ransomware. Which of the following is MOST important to present to senior management when reporting on the performance of this initiative?
To effectively manage an organization's information security risk, it is MOST important to:
When investigating an information security incident, details of the incident should be shared:
Which of the following should an information security manager do FIRST upon learning that some security hardening settings may negatively impact future business activity?
When selecting metrics to monitor the effectiveness of an information security program, it is MOST important for an information security manager to:
Which of the following is the MOST common cause of cybersecurity breaches?
A global organization is planning to expand its operations into a new country with stricter data protection regulations than those in the headquarters' home country. Which of the following is the BEST approach for adopting these new requirements?