ISACA CISM - Certified Information Security Manager
Which of the following is the MOST critical input to developing policies, standards, and procedures to secure information assets?
An organization has updated its business goals in the middle of the fiscal year to respond to changes in market conditions. Which of the following is MOST important for the information security manager to update in support of the new goals?
Which of the following presents the GREATEST challenge to a security operations center's wna GY of potential security breaches?
Which of the following elements of a service contract would BEST enable an organization to monitor the information security risk associated with a cloud service provider?
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
Which of the following BEST enables an organization to enhance its incident response plan processes and procedures?
Which of the following is MOST important for an information security manager to consider when reviewing a security investment plan?
The PRIMARY goal of a post-incident review should be to:
An organization has identified IT failures in a call center application. Of the following, who should own this risk?
When taking a risk-based approach to vulnerability management, which of the following is MOST important to consider when prioritizing a vulnerability?
Which of the following provides the BEST input to determine the level of protection needed for an IT system?
Which of the following BEST demonstrates the added value of an information security program?
Unintentional behavior by an employee caused a major data loss incident. Which of the following is the BEST way for the information security manager to prevent recurrence within the organization?
As part of incident response activities, the BEST time to begin the recovery process is after:
Which of the following BEST indicates misalignment of security policies with business objectives?
Which of the following is an information security manager's BEST course of action when a threat intelligence report indicates a large number of ransomware attacks targeting the industry?
Which of the following is the MOST important characteristic of an effective information security metric?
The business value of an information asset is derived from:
Which of the following is the GREATEST benefit of classifying information security incidents?
When establishing an information security governance framework, it is MOST important for an information security manager to understand: