ISACA-Certified Information Security Manager Set 2

1.

A good privacy statement should include:

notification of liability on accuracy of information. notification that information will be encrypted. what the company will do with information it collects. a description of the information classification process.

2.

A new regulation for safeguarding information processed by a specific type of transaction has come to the attention of an information security officer. The officer should FIRST:

meet with stakeholders to decide how to comply. analyze key risks in the compliance process. assess whether existing controls meet the regulation. update the existing security/privacy policy.

3.

The PRIMARY objective of a security steering group is to:

ensure information security covers all business functions. ensure information security aligns with business goals. raise information security awareness across the organization. implement all decisions on security management across the organization.

4.

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:

baseline. strategy. procedure. policy.

5.

At what stage of the applications development process should the security department initially become involved?

When requested At testing At programming At detail requirements

6.

When personal information is transmitted across networks, there MUST be adequate controls over:

change management. privacy protection. consent to data transfer. encryption devices.

7.

An organization's information security processes are currently defined as ad hoc. In seeking to improve their performance level, the next step for the organization should be to:

ensure that security processes are consistent across the organization. enforce baseline security levels across the organization. ensure that security processes are fully documented. implement monitoring of key performance indicators for security processes.

8.

Who in an organization has the responsibility for classifying information?

Data custodian Database administrator Information security officer Data owner

9.

Who is ultimately responsible for the organization's information?

Data custodian Chief information security officer (CISO) Board of directors Chief information officer (CIO)

10.

In order to highlight to management, the importance of integrating information security in the business processes, a newly hired information security officer should FIRST:

prepare a security budget. conduct a risk assessment. develop an information security policy. obtain benchmarking information.

ISACA-Certified Information Security Manager Set 2

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

COMPANY

Products

OTHERS

Partner

ISACA-Certified Information Security Manager Set 2

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Answer & Solution

Answer: Option B

Solution:

Congratulations

Detail Form

COMPANY

Products

OTHERS

Partner