The BEST way to justify the implementation of a single sign-on (SSO) product is to use:
Answer(s): D
A business case shows both direct and indirect benefits, along with the investment required and the expected returns, thus making it useful to present to senior management. Return on investment (ROD would only provide the costs needed to preclude specific risks, and would not provide other indirect benefits such as process improvement and learning. A vulnerability assessment is more technical in nature and would only identify and assess the vulnerabilities. This would also not provide insights on indirect benefits. Annual loss expectancy (ALE) would not weigh the advantages of implementing single sign-on (SSO) in comparison to the cost of implementation.
The FIRST step in establishing a security governance program is to:
The establishment of a security governance program is possible only with the support and sponsorship of top management since security governance projects are enterprise wide and integrated into business processes. Conducting a risk assessment, conducting a workshop for all end users and preparing a security budget all follow once high-level sponsorship is obtained.
An IS manager has decided to implement a security system to monitor access to the Internet and prevent access to numerous sites. Immediately upon installation, employees Hood the IT helpdesk with complaints of being unable to perform business functions on Internet sites. This is an example of:
Answer(s): A
The needs of the organization were not taken into account, so there is a conflict. This example is not strong protection; it is poorly configured. Implementing appropriate controls to reduce risk is not an appropriate control as it is being used. This does not prove the ability to protect, but proves the ability to interfere with business.
An organization's information security strategy should be based on:
Organizations must manage risks to a level that is acceptable for their business model, goals and objectives. A zero-level approach may be costly and not provide the effective benefit of additional revenue to the organization. Long-term maintenance of this approach may not be cost effective. Risks vary as business models, geography, and regulatory- and operational processes change. Insurance covers only a small portion of risks and requires that the organization have certain operational controls in place.
Which of the following should be included in an annual information security budget that is submitted for management approval?
A brief of the benefit of expenditures in the budget helps to convey the context of how the purchases that are being requested meet goals and objectives, which in turn helps build credibility for the information security function or program. s of benefits also help engage senior management in the support of the information security program. While the budget should consider all inputs and recommendations that are received from the business, the budget that is ultimately submitted to management for approval should include only those elements that are intended for purchase. TCO may be requested by management and may be provided in an addendum to a given purchase request, but is not usually included in an annual budget.Baseline comparisons (cost comparisons with other companies or industries) may be useful in developing a budget or providing justification in an internal review for an individual purchase, but would not be included with a request for budget approval.
Share your comments for ISACA CISM exam with other users:
not bad but you question database from isaca
awesome contents
answer to 134 is casb. while data loss prevention is the goal, in order to implement dlp in cloud applications you need to deploy a casb.
are these brain dumps sufficient enough to go write exam after practicing them? or does one need more material this wont be enough?
i did attend the required cources and i need to be sure that i am ready to take the exam, i would ask you please to share the questions, to be sure that i am fit to proceed with taking the exam.
why only give explanations on some, and not all questions and their respective answers?
refresh db knowledge
interested for sap certification
could you please upload practice questions for scr exam ?
please upload free oracle cloud infrastructure 2023 foundations associate exam braindumps
sweating! they are tricky
i never use these dumps sites but i had to do it for this exam as it is impossible to pass without using these question dumps.
good practice and well sites.
passed my first exam last week and pass the second exam this morning. thank you sir for all the help and these brian dumps.
does anyone who attended exam csa 8.8, can confirm these questions are really coming ? or these are just for practicing?
kindly share the dumps
very nice content
passed today
hi can you please upload questions
please upload quetions
i passed my exam thanks to this braindumps questions. these questions are valid in us and i highly recommend it!
are they truely latest
questions appear contemporary.
good to prepare in this site
very helpful to crack first attempt
please upload this exam
please upload the c_activate22 dump questions with answer
q10 - the answer should be a. if its c, the criteria will meet if either the prospect is not part of the suppression lists or if the job title contains vice president
this was on the exam as of 1211/2023
great for prep
i think in question 7 the first answer should be power bi portal (not power bi)
on question 10 and so far 2 wrong answers as evident in the included reference link.
wonderful material
i passed!! ...but barely! got 728, but needed 720 to pass. the exam hit me with labs right out of the gate! then it went to multiple choice. protip: study the labs!