Many computer users believe that because they are skilled at generating documents and presentations, they know everything about computers. These power users have moved beyond application basics, but many still do not understand even basic security concepts. The following CISM practice questions test that understanding:
1. The primary responsibility of the information security steering committee is:
2. Which of the following would be included in an information security strategic plan?
3. The most important responsibility of an information security manager in an organization is:
4. On which of the following would an information security strategy place the most emphasis?
5. Which of the following best describes an information security department’s strategic planning process?
6. To ensure that an organization’s password policy is effective, it must provide two key elements: difficult to guess; and
7. “Least privilege” is defined as:
8. An organization’s log-on screen must contain three statements: the system is for authorized users, activities will be monitored, and
9. Authentication is the process to verify the identity of a user, device, or other entity. The most common forms of authentication used today are passwords. Three types of authentication are: something you know, something you have, and
10. The purpose of change control is to:
11. What data should be subject to a data classification scheme?
12. The principle of separation of duties is useful in:
13. What are the three objectives of information security?
14. Four deliverables from a risk assessment process are threats identified, controls selected, action plan complete, and
15. Need-to-know is defined as
16. A financial estimate designed to help consumers and enterprise managers assess direct and indirect costs related to the purchase of any capital investment, such as (but not limited to) computer software or hardware is termed:
17. The process where senior management commits allegiance to the enterprise and acknowledges that the interest of the enterprise must prevail over any personal or individual interest is termed:
18. This recent piece of legislation requires annual affirmation of management’s responsibility for internal controls over financial reporting. Management must attest to effectiveness based on an evaluation and the auditor must attest and report on management’s evaluation.
19. An annual report of the state of information security should be presented to the information security steering committee. This reporting requirement has been established in the current legislation and information security international standards. This report should not be confused with a standard feature audit performed by the audit staff nor is it part of some third-party certification process. Who is responsible for presenting this annual report?
20. This individual is responsible for the organization’s planning, budgeting, and performance, including its information security components. Decisions made in this area should be based on an effective risk management program.
21. This form of emergency plan provides procedures for disseminating status reports to personnel and the public. It addresses communications with personnel and the public and is not IT focused. This plan is called:
22. Any information security program must get its direction from executive management. The requirements of today’s laws and regulations have identified either the organization’s board of directors or what other body as responsible for instituting an effective program?
23. Developing business case and enterprise value analysis that supports information security program investments is a vital task for the information security manager. Organizations often justify spending based on a project’s value. Two common methods used are Total Cost of Operations (TCO) and what other widely accepted method?
24. Unlike the policy development process, the use of a team to develop procedures will actually slow the process down. Many security professionals reach this stage of the information security program and believe that the bulk of their work is complete and now it will be up to whom to write the procedures?
25. There are three types of policies and you will use each type at different times in your information security program and throughout the organization to support the business process or mission. The policy that is used to establish the organization’s overall vision and direction is termed:
26. A director shall discharge his or her duties: in good faith; with the care an ordinarily prudent person in a like position would exercise under similar circumstances; and in a manner he or she reasonably believes is in the best interest of the enterprise. This responsibility is termed:
27. The group who is charged with the responsibility to “assess the adequacy of and compliance with management, operating, and financial controls, as well as the administrative and operational effectiveness of organizational units” is who?
28. This organization got its start in 1967, when a small group of individuals with similar jobs—auditing controls in the computer systems that were becoming increasingly critical to the operations of their organizations—sat down to discuss the need for a centralized source of information and guidance in the field. This organization is called:
29. An annual report of the state of information security should be presented to the information security steering committee. This reporting requirement has been established in the current legislation and information security international standards. This report should not be confused with a standard feature audit performed by the audit staff nor is it part of some third-party certification process. Typically the CISO would prepare a report on the levels of compliance currently seen throughout the business units. The report development process normally has two key components: compliance with core information security requirements; and what?
30. The Cyber Security Industrial Alliance published its "National Agenda for Information Security in 2006" in December 2005. In this document the Alliance noted that "Information assurance in the private sector is critical to creating a more secure infrastructure." The report recommended that the federal government "encourage" CEOs to review cyber security measures at board meetings. This effort will help senior executives understand what?
31. Which of the following is a key drawback in the use of quantitative risk analysis? It:
32. Acceptable risk is usually:
33. The cost of mitigating a risk should not exceed the:
What is the primary responsibility of the security steering committee?
The role of the corporate security steering committee is to coordinate corporate security initiatives at the executive level and thus enable an organization to optimize spending, manage its infrastructure and minimize security risk.
What is a steering committee in information security governance?
A security steering committee establishes the corporate stance on information technology (IT), demonstrating a dedication to maintaining systems and ultimately creating a cost-effective strategy to properly protect systems and data.
Which of the following MOST commonly falls within the scope of an information security governance steering committee?
Explanation: Prioritizing information security initiatives is the only appropriate item.