Last Updated on October 26, 2022 by InfraExam
CISM : Certified Information Security Manager : Part 75
Which of the following has the GREATEST influence on an organization’s information security strategy?
- The organization’s risk tolerance
- The organizational structure
- Information security awareness
- Industry security standards
The department head of application development has decided to accept the risks identified in a recent assessment. No recommendations will be implemented, even though the recommendations are required by regulatory oversight. What should the information security manager do NEXT?
- Formally document the decision.
- Review the risk monitoring plan.
- Perform a risk reassessment.
- Implement the recommendations.
Which of the following is the BEST reason for reevaluating an information security program?
- Ineffectiveness of the information security strategy execution
- Misalignment between information security priorities and business objectives
- Change in senior management
- Noncompliance with information security policies and procedures
For an enterprise implementing a bring your own device (BYOD) program, which of the following would provide the BEST security of corporate data residing on unsecured mobile devices?
- Acceptable use policy
- Device certification process
- Containerization solution
- Data loss prevention (DLP)
To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:
- is represented on the configuration control board.
- performance metrics have been met.
- roles and responsibilities have been defined.
- is a prerequisite for completion of major phases.
When facilitating the alignment of corporate governance and information security governance, which of the following is the MOST important role of an organization’s security steering committee?
- Obtaining support for the integration from business owners
- Defining metrics to demonstrate alignment
- Obtaining approval for the information security budget
- Evaluating and reporting the degree of integration
Which of the following is the PRIMARY purpose of establishing an information security governance framework?
- To minimize security risks
- To proactively address security objectives
- To reduce security audit issues
- To enhance business continuity planning
When developing an escalation process for an incident response plan, the information security manager should PRIMARILY consider the:
- media coverage.
- availability of technical resources.
- incident response team.
- affected stakeholders.
Which of the following would be the BEST way for an information security manager to justify ongoing annual maintenance fees associated with an intrusion prevention system (IPS)?
- Perform a penetration test to demonstrate the ability to protect.
- Perform industry research annually and document the overall ranking of the IPS.
- Establish and present appropriate metrics that track performance.
- Provide yearly competitive pricing to illustrate the value of the IPS.
An organization utilizes a third party to classify its customers’ personally identifiable information (PII). What is the BEST way to hold the third party accountable for data leaks?
- Include detailed documentation requirements within the formal statement of work.
- Submit a formal request for proposal (RFP) containing detailed documentation of requirements.
- Ensure a nondisclosure agreement is signed by both parties’ senior management.
- Require the service provider to sign off on the organization’s acceptable use policy.
Which of the following should be done FIRST when handling multiple confirmed incidents raised at the same time?
- Activate the business continuity plan (BCP).
- Update the business impact assessment.
- Inform senior management.
- Categorize incidents by the value of the affected asset.
An information security manager has been tasked with developing materials to update the board, regulatory agencies, and the media about a security incident. Which of the following should the information security manager do FIRST?
- Invoke the organization’s incident response plan.
- Set up communication channels for the target audience.
- Determine the needs and requirements of each audience.
- Create a comprehensive singular communication.
When establishing classifications of security incidents for the development of an incident response plan, which of the following provides the MOST valuable input?
- Recommendations from senior management
- The business continuity plan (BCP)
- Business impact analysis (BIA) results
- Vulnerability assessment results
An organization’s information security manager is performing a post-incident review of a security incident in which the following events occurred:
– A bad actor broke into a business-critical FTP server by brute forcing an administrative password
– The third-party service provider hosting the server sent an automated alert message to the help desk, but was ignored
– The bad actor could not access the administrator console, but was exposed to encrypted data transferred to the server
– After three (3) hours, the bad actor deleted the FTP directory causing incoming FTP attempts by legitimate customers to fail
Which of the following poses the GREATEST risk to the organization related to this event?
- Removal of data
- Downtime of the service
- Disclosure of stolen data
- Potential access to the administration console
An information security manager has discovered a potential security breach in a server that supports a critical business process. Which of the following should be the information security manager’s FIRST course of action?
- Shut down the server in an organized manner.
- Validate that there has been an incident.
- Inform senior management of the incident.
- Notify the business process owner.
An information security manager has been alerted to a possible incident involving a breach at one of the organization’s vendors. Which of the following should be done FIRST?
- Discontinue the relationship with the vendor.
- Perform incident recovery.
- Perform incident eradication.
- Engage the incident response team.
Which of the following BEST enables a more efficient incident reporting process?
- Training executive management for communication with external entities
- Educating the incident response team on escalation procedures
- Educating IT teams on compliance requirements
- Training end users to identify abnormal events
After a security incident has been contained, which of the following should be done FIRST?
- Conduct forensic analysis
- Notify local authorities
- Restore the affected system from backup
- Perform a complete wipe of the affected system
Which of the following is MOST important for effective communication during incident response?
- Maintaining a relationship with media and law enforcement
- Maintaining an updated contact list
- Establishing a recovery time objective (RTO)
- Establishing a mean time to resolve (MTTR) metric
Which of the following would be the MOST effective incident response team structure for an organization with a large headquarters and worldwide branch offices?