Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 36
-
Which of the following is the BEST reason to develop comprehensive information security policies?
- To comply with external industry and government regulations
- To support development of effective risk indicators
- To align the information security program to organizational strategy
- To gain senior management support for the information security program
-
An organization has announced new initiatives to establish a big data platform and develop mobile apps. What is the FIRST step when defining new human resource requirements?
- Request additional funding for recruiting and training.
- Analyze the skills necessary to support the new initiatives.
- Benchmark to an industry peer.
- Determine the security technology requirements for the initiatives.
-
What is the PRIMARY role of the information security program?
- To develop and enforce a set of security policies aligned with the business
- To educate stakeholders regarding information security requirements
- To perform periodic risk assessments and business impact analyses (BIAs)
- To provide guidance in managing organizational security risk
-
An information security program should be established PRIMARILY on the basis of:
- the approved information security strategy.
- the approved risk management approach.
- data security regulatory requirements.
- senior management input.
-
To ensure adequate disaster-preparedness among IT infrastructure personnel, it is MOST important to:
- have the most experienced personnel participate in recovery tests.
- include end-user personnel in each recovery test.
- assign personnel-specific duties in the recovery plan.
- periodically rotate recovery-test participants.
-
When evaluating vendors for sensitive data processing, which of the following should be the FIRST step to ensure the correct level of information security is provided?
- Include information security clauses in the vendor contract.
- Review third-party reports of potential vendors.
- Include information security criteria as part of vendor selection.
- Develop metrics for vendor performance.
-
In an organization implementing a data classification program, ultimate responsibility for the data on the database server lies with the:
- information security manager.
- business unit manager.
- database administrator (DBA).
- information technology manager.
-
Which of the following is the MOST effective way for an organization to ensure its third-party service providers are aware of information security requirements and expectations?
- Auditing the service delivery of third-party providers
- Including information security clauses within contracts
- Providing information security training to third-party personnel
- Requiring third parties to sign confidentiality agreements
-
Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?
- Information security incidents
- Information security strategy
- Current resourcing levels
- Availability of potential resources
-
Which of the following is the BEST strategy to implement an effective operational security posture?
- Threat management
- Defense in depth
- Increased security awareness
- Vulnerability management
-
What should be the PRIMARY basis for establishing a recovery time objective (RTO) for a critical business application?
- Business impact analysis (BIA) results
- Related business benchmarks
- Risk assessment results
- Legal and regulatory requirements
-
Which of the following BEST supports the alignment of information security with business functions?
- Creation of a security steering committee
- IT management support of security assessments
- Business management participation in security penetration tests
- A focus on technology security risk within business processes
-
Which of the following security characteristics is MOST important to the protection of customer data in an online transaction system?
- Availability
- Data segregation
- Audit monitoring
- Authentication
-
Which of the following MUST be established before implementing a data loss prevention (DLP) system?
- Privacy impact assessment
- A data backup policy
- Data classification
- A data recovery policy
-
An IT department plans to migrate an application to the public cloud. Which of the following is the information security manager’s MOST important action in support of this initiative?
- Calculate security implementation costs.
- Evaluate service level agreements (SLAs).
- Provide cloud security requirements.
- Review cloud provider independent assessment reports.
-
Which of the following is the MOST effective way to ensure the process for granting access to new employees is standardized and meets organizational security requirements?
- Grant authorization to individual systems as required with the approval of information security management.
- Require managers of new hires to be responsible for account setup and access during employee orientation.
- Embed the authorization and creation of accounts with HR onboarding procedures.
- Adopt a standard template of access levels for all employees to be enacted upon hiring.
-
Which of the following has the GREATEST impact on efforts to improve an organization’s security posture?
- Supportive tone at the top from management regarding security
- Well-documented security policies and procedures
- Regular reporting to senior management
- Automation of security controls
-
Which of the following is MOST important to building an effective information security program?
- Information security architecture to increase monitoring activities
- Management support for information security
- Relevant and timely content included in awareness programs
- Logical access controls for information systems
-
Which of the following is the BEST way to address any gaps identified during an outsourced provider selection and contract negotiation process?
- Make the provider accountable for security and compliance
- Perform continuous gap assessments
- Include audit rights in the service level agreement (SLA)
- Implement compensating controls
-
Which of the following is the BEST course of action for an information security manager to align security and business goals?
- Defining key performance indicators (KPIs)
- Actively engaging with stakeholders
- Reviewing the business strategy
- Conducting a business impact analysis (BIA)