Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 74
It is suspected that key e-mails have been viewed by unauthorized parties. The e-mail administrator conducted an investigation but it has not returned any information relating to the incident, and leaks are continuing. Which of the following is the BEST recommended course of action to senior management?
- Commence security training for staff at the organization.
- Arrange for an independent review.
- Rebuild the e-mail application.
- Restrict the distribution of confidential e-mails.
Which of the following be MOST effective in reducing the financial impact following a security breach leading to data disclosure?
- A business continuity plan (BCP)
- Backup and recovery strategy
- A data loss prevention (DLP) solution
- An incident response plan
Which of the following BEST prepares a computer incident response team for a variety of information security scenarios?
- Tabletop exercises
- Forensics certification
- Penetration tests
- Disaster recovery drills
Which of the following BEST facilitates the effective execution of an incident response plan?
- The response team is trained on the plan.
- The plan is based on risk assessment results.
- The incident response plan aligns with the IT disaster recovery plan.
- The plan is based on industry best practice.
An information security manager developing an incident response plan MUST ensure it includes:
- an inventory of critical data
- criteria for escalation
- critical infrastructure diagrams
- a business impact analysis
In a cloud technology environment, which of the following would pose the GREATEST challenge to the investigation of security incidents?
- Access to the hardware
- Data encryption
- Non-standard event logs
- Compressed customer data
What is the MAIN reason for an organization to develop an incident response plan?
- Trigger immediate recovery procedures.
- Identify training requirements for the incident response team.
- Prioritize treatment based on incident criticality.
- Provide a process for notifying stakeholders of the incident.
Who is MOST important to include when establishing the response process for a significant security breach that would impact the IT infrastructure and cause customer data loss?
- An independent auditor for identification of control deficiencies
- A damage assessment expert for calculating losses
- A forensics expert for evidence management
- A penetration tester to validate the attack
An information security manager has been asked to determine whether an information security initiative has reduced risk to an acceptable level. Which of the following activities would provide the BEST information for the information security manager to draw a conclusion?
- Initiating a cost-benefit analysis of the implemented controls
- Reviewing the risk register
- Conducting a business impact analysis (BIA)
- Performing a risk assessment
With limited resources in the information security department, which of the following is the BEST approach for managing security risk?
- Implement technical solutions to automate security management activities.
- Prioritize security activities and report to management.
- Hire additional information security staff.
- Engage a third-party company to provide security support.
When an information security manager presents an information security program status report to senior management, the MAIN focus should be:
- critical risks indicators.
- key controls evaluation.
- key performance indicators (KPIs).
- net present value (NPV).
Reviewing which of the following would provide the GREATEST input to the asset classification process?
- Risk assessment
- Replacement cost of the asset
- Sensitivity of the data
- Compliance requirements
Which of the following should be an information security manager’s MOST important concern to ensure admissibility of information security evidence from cyber crimes?
- Chain of custody
- Tools used for evidence analysis
- Forensics contractors
- Efficiency of the forensics team
Which of the following information security metrics is the MOST difficult to quantify?
- Cost of security incidents prevented
- Percentage of controls mapped to industry frameworks
- Extent of employee security awareness
- Proportion of control costs to asset value
Executive leadership has decided to engage a consulting firm to develop and implement a comprehensive security framework for the organization to allow senior management to remain focused on business priorities. Which of the following poses the GREATEST challenge to the successful implementation of a new security governance framework?
- Information security management does not fully accept the responsibility for information security governance.
- Executive leadership views information security governance primarily as a concern of the information security management team.
- Information security staff has little or no experience with the practice of information security governance.
- Executive leadership becomes involved in decisions about information security governance.
Which of the following is the MOST effective way to ensure information security policies are followed?
- Require sign-off on acceptable use policies.
- Require regular security awareness training.
- Provide detailed security procedures.
- Perform a gap analysis.
Which of the following is the MOST effective way to address an organization’s security concerns during contract negotiations with a third party?
- Ensure security is involved in the procurement process.
- Communicate security policy with the third-party vendor.
- Review the third-party contract with the organization’s legal department.
- Conduct an information security audit on the third-party vendor.
Which of the following is the BEST method to ensure that data owners take responsibility for implementing information security processes?
- Include security tasks into employee job descriptions.
- Include membership on project teams.
- Provide job rotation into the security organization.
- Increase security awareness training.
Organization XYZ, a lucrative, Internet-only business, recently suffered a power outage that lasted two hours. The organization’s data center was unavailable in the interim. In order to mitigate risk in the MOST cost-efficient manner, the organization should:
- plan to operate at a reduced capacity from the primary place of business.
- create an IT hot site with immediate fail-over capability.
- install an uninterruptible power supply (UPS) and generator.
- set up a duplicate business center in a geographically separate area.
Which of the following is the MAIN benefit of performing an assessment of existing incident response processes?
- Identification of threats and vulnerabilities
- Prioritization of action plans
- Validation of current capabilities
- Benchmarking against industry peers