This document covers various topics related to the ISACA Certified Information Security Manager (CISM) certification. It discusses key steps and considerations in implementing information security controls, managing incident response, conducting risk assessments, and developing security policies and strategies. It offers insights into best practices for information security management, including the importance of establishing metrics, involving affected organizations, addressing regulatory and compliance requirements, and ensuring senior management buy-in. It also covers topics such as resource allocation during incident triage, vulnerability assessment and prioritization, intrusion detection system design, and the role of data owners in access control. Overall, the document offers a comprehensive overview of the knowledge and skills required for an information security manager to effectively manage and secure an organization's information assets.
Typology: Exams
Which of the following is the primary step in control implementation for a new business application? - D. Risk assessment

When implementing an information security program, in which phase of the implementation should metrics be established to assess the effectiveness of the program over time? - Either B. Initiation; C. Design

Data owners are concerned with and responsible for who has access to their resources, and therefore need to be concerned with the strategy for mitigating the risk of data resource usage. Which of the following actions facilitates that responsibility? - B. Entitlement changes

Which of the following is the best method to determine the effectiveness of the incident response process? - C. Post-incident review

When properly implemented, a risk management program should be designed to reduce an organization's risk to: - C. A level at which the organization is willing to accept

What controls the process of introducing changes to systems to ensure that unintended changes are not introduced? - C. Change management

All actions dealing with incidents must be worked with cyclical consideration. What is the primary post-incident review takeaway? - Either A. Pursuit of legal action; B. Identify personnel failures; D. Derive ways to improve the response process

If a forensic copy of a hard drive is required for legal matters, which of the following options provides the most solid defense for preservation of evidence? - C. A bit-by-bit copy of all data

What is the preferred step an ISM should take to ensure the disaster recovery plan is adequate and remains current? - A. Quarterly reviews of recovery plan information

Which of the following would prove to be the best protection and recovery procedure if an intruder has gained root access to a system? - Either A. Use system recovery to restore the last known good image; C. Rebuild the system and its OS and applications using the original vendor media; D. Have all users change passwords

As the use of regulation and compliance in the information security arena expands, information security managers must work to put tasks into perspective. To do this, ISMs should involve affected organizations and view "regulations" as a: - Either A. Risk; B. Legal interpretation

Which of the following is the most significant challenge when developing an incident management plan? - D. Lack of management and leadership buy-in

Resource allocation is crucial during incident triage, as it assists in prioritization and categorization. Why would this be critical for most organizations when conducting triage? - A. Most organizations have limited incident handling resources

As part of the risk management process, assessments must be performed on the information systems and resources of an organization. If there are vulnerabilities disclosed during an assessment, those vulnerabilities should be: - Either A. A breakeven point of risk reduction and cost; B. Separation of risk and BCP efforts; C. Mitigation of all man-made internal threats

Which of the following is NOT an information security management framework? - Either A. COBIT 5; B. Capability Maturity Model; C. ISO/IEC 27001

Because risks, both internal and external, are continuously changing, how often should a risk assessment be conducted? - D. Annually or whenever there is a significant change

A well-organized information security awareness course provides employees with current security policies, an information protection overview, and the steps for reporting any possible security incidents appropriately. Which of the following is the most probable result in the organization upon course completion? - A. Increased reporting of security incidents to the incident response group

Along with cataloging and assigning value to their information, which individual holds the proper role for reviewing and confirming the individuals on an access list? - A. The Data Owner

A bottom-up approach to information security activities is rarely successful. To achieve senior management commitment and support for information security, your approach should be based on regulation and compliance requirements, and also on presenting ideas that: - D. Align security objectives with key business objectives

When developing a security policy, it is important to prioritize risk based on the potential impact to the business. This can be accomplished through: - A. Creation of a threat profile

Which of the following aspects has the highest impact on the implementation of an organization's information security governance model? - Either A. Employees assigned to teams; C. Organizational structure

Consistency and continuity of information are important factors in incident response. Which of the following resources should be contained within a computer incident response team (CIRT) manual? - A. Incident severity criteria

Decisions to build an alternate facility or outsource to a hot site must be business decisions and take similar risks into consideration. Which of the following facilitates this decision? - C. The location and cost of commercial recovery facilities

At the conclusion of the risk assessment process, which of the following would prove most beneficial to understand in assisting risk management decision making? - Either A. Control risk; C. Risk exposure; D. Residual risk

What would a risk management program be expected to accomplish? - B. Ensure all residual risk is maintained at an acceptable level

Risk analysis is where the level of risk and its nature are assessed and understood, and it should: - C. Equally consider the potential size and likelihood of loss

In the information technology arena, the importance of information depends on your role and perspective. Based on the ISM role, what is the most important factor concerning data retention? - Either A. Regulatory and business requirements