
CISM Missed Questions 110-157


Description:
MSIC Tester 2

Creation Date: 2026/06/03

Category: Others

Number of questions: 10


Which of the following is the BEST way for an information security manager to identify compliance with information security policies within an organization?
- Analyze system logs.
- Conduct security awareness testing.
- Perform vulnerability assessments.
- Conduct periodic audits.

Which of the following enables compliance with a nonrepudiation policy requirement for electronic transactions?
- Digital certificates.
- Digital signatures.
- Encrypted passwords.
- One-time passwords.

Which of the following is MOST likely to be included in an enterprise information security policy?
- Security monitoring strategy.
- Audit trail review requirements.
- Password composition requirements.
- Consequences of noncompliance.

Which of the following would be MOST important to consider when implementing security settings for a new system?
- Results from internal and external audits.
- Government regulations and related penalties.
- Business objectives and related IT risk.
- Industry best practices applicable to the business.

Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:
- Threat perspective.
- Compliance perspective.
- Risk perspective.
- Policy perspective.

Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
- Conducts frequent reviews of the security policy.
- Has established relationships with external professionals.
- Has a clearly defined charter and meeting protocols.
- Includes a mix of members from all levels of management.

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
- Interview senior management.
- Conduct a risk assessment.
- Conduct a cost-benefit analysis.
- Perform a gap analysis.

Which of the following is the BEST approach for an information security manager to effectively manage third-party risk?
- Ensure controls are implemented to address changes in risk.
- Ensure senior management has approved the vendor relationship.
- Ensure risk management efforts are commensurate with risk exposure.
- Ensure vendor governance controls are in place.

Which of the following is MOST critical for an effective information security governance framework?
- Board members are committed to the information security program.
- Information security policies are reviewed on a regular basis.
- The information security program is continually monitored.
- The CIO is accountable for the information security program.

When creating an information security governance program, which of the following will BEST enable the organization to address regulatory compliance requirements?
- Guidelines for processes and procedures.
- A security control framework.
- An approved security strategy plan.
- Input from the security steering committee.
