Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 24
Which of the following BEST protects against web-based cross-domain attacks?
- Database hardening
- Application controls
- Network addressing scheme
- Encryption controls
Which of the following would be MOST effective in preventing malware from being launched through an email attachment?
- Up-to-date security policies
- Placing the e-mail server on a screened subnet
- Security awareness training
- A network intrusion detection system (NIDS)
Which of the following risks would BEST be assessed using quantitative risk assessment techniques?
- Customer data stolen
- An electrical power outage
- A web site defaced by hackers
- Loss of the software development team
The effect of the theft of customer data or web site defacement by hackers could lead to a permanent decline in customer confidence, which does not lend itself to measurement by quantitative techniques. Loss of a majority of the software development team could have similar unpredictable repercussions. However, the loss of electrical power for a short duration is more easily measurable and can be quantified into monetary amounts that can be assessed with quantitative techniques.
The impact of losing frame relay network connectivity for 18-24 hours should be calculated using the:
- hourly billing rate charged by the carrier.
- value of the data transmitted over the network.
- aggregate compensation of all affected business users.
- financial losses incurred by affected business units.
The bottom line on calculating the impact of a loss is what its cost will be to the organization. The other choices are all factors that contribute to the overall monetary impact.
Which of the following is the MOST usable deliverable of an information security risk analysis?
- Business impact analysis (BIA) report
- List of action items to mitigate risk
- Assignment of risks to process owners
- Quantification of organizational risk
Although all of these are important, the list of action items is used to reduce or transfer the current level of risk. The other options materially contribute to the way the actions are implemented.
Ongoing tracking of remediation efforts to mitigate identified risks can BEST be accomplished through the use of which of the following?
- Tree diagrams
- Venn diagrams
- Heat charts
- Bar charts
Meat charts, sometimes referred to as stoplight charts, quickly and clearly show the current status of remediation efforts. Venn diagrams show the connection between sets; tree diagrams are useful for decision analysis; and bar charts show relative size.
Information security policies should be designed PRIMARILY on the basis of:
- business demands.
- inherent risks
- international standards.
- business risks.
If the inherent risk of a business activity is higher than the acceptable risk level, the information security manager should FIRST:
- implement controls to mitigate the risk to an acceptable level.
- recommend that management avoids the business activity.
- assess the gap between current and acceptable level of risk.
- transfer risk to a third party to avoid cost of impact.
Several identified risks have been mitigated to an acceptable level with appropriate controls. Which of the following activities would BEST help to maintain acceptable risk levels?
- Frequent assessments of inherent risks
- Periodic reviews of changes to the environment
- Periodic cost-benefit analyses of the implemented controls
- Frequent assessments of risk action plans
Which of the following should be the PRIMARY basis for determining risk appetite?
- Organizational objectives
- Senior management input
- Industry benchmarks
- Independent audit results
When scoping a risk assessment, assets need to be classified by:
- likelihood and impact.
- sensitivity and criticality.
- threats and opportunities.
- redundancy and recoverability.
In order to understand an organization’s security posture, it is MOST important for an organization’s senior leadership to:
- ensure established security metrics are reported.
- review the number of reported security incidents.
- assess progress of risk mitigation efforts.
- evaluate results of the most recent incident response test.
Which is the BEST way for an organization to monitor security risk?
- Analyzing key performance indicators (KPIs)
- Using external risk intelligence services
- Using a dashboard to assess vulnerabilities
- Analyzing key risk indicators (KRIs)
An awareness program is implemented to mitigate the risk of infections introduced through the use of social media. Which of the following will BEST determine the effectiveness of the awareness program?
- A post-awareness program survey
- A quiz based on the awareness program materials
- A simulated social engineering attack
- Employee attendance rate at the awareness program
When considering whether to adopt bring your own device (BYOD), it is MOST important for the information security manager to ensure that:
- business leaders have an understanding of security risks.
- users have read and signed acceptable use agreements.
- security controls are applied to each device when joining the network.
- the applications are tested prior to implementation.
Which of the following is MOST important to consider when defining control objectives?
- The current level of residual risk
- The organization’s strategic objectives
- Control recommendations from a recent audit
- The organization’s risk appetite
Which of the following should be the MOST important consideration when reporting sensitive risk-related information to stakeholders?
- Ensuring nonrepudiation of communication
- Consulting with the public relations director
- Transmitting the internal communication securely
- Customizing the communication to the audience
Conflicting objectives are MOST likely to compromise the effectiveness of the information security process when information security management is:
- reporting to the network infrastructure manager.
- outside of information technology.
- partially staffed by external security consultants.
- combined with the change management function.
Which of the following is MOST important for an information security manager to ensure when evaluating change requests?
- Requests are approved by process owners.
- Requests add value to the business.
- Residual risk is within risk tolerance.
- Contingency plans have been created.
Which of the following trends would be of GREATEST concern when reviewing the performance of an organization’s intrusion detection systems (IDS)?
- Decrease in false negatives
- Increase in false positives
- Decrease in false positives
- Increase in false negatives