A risk management program would be expected to:
Answer(s): B
The object of risk management is to ensure that all residual risk is maintained at a level acceptable to the business; it is not intended to remove every identified risk or implement controls for every threat since this may not be cost-effective. Control risk, i.e., that a control may not be effective, is a component of the program but is unlikely to be reduced to zero.
Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?
Answer(s): D
Risk should be addressed as early as possible in the development cycle. The feasibility study should include risk assessment so that the cost of controls can be estimated before the project proceeds. Risk should also be considered in the specification phase where the controls are designed, but this would still be based on the assessment carried out in the feasibility study. Assessment would not be relevant in choice A or C.
Which of the following would help management determine the resources needed to mitigate a risk to the organization?
The business impact analysis (BIA) determines the possible outcome of a risk and is essential to determine the appropriate cost of control. The risk analysis process provides comprehensive data, but does not determine definite resources to mitigate the risk as does the BIA. The risk management balanced scorecard is a measuring tool for goal attainment. A risk-based audit program is used to focus the audit process on the areas of greatest importance to the organization.
A global financial institution has decided not to take any further action on a denial of service (DoS) risk found by the risk assessment team. The MOST likely reason they made this decision is that:
Answer(s): C
An organization may decide to live with specific risks because it would cost more to protect themselves than the value of the potential loss. The safeguards need to match the risk level. While countermeasures could be too complicated to deploy, this is not the most compelling reason. It is unlikely that a global financial institution would not be exposed to such attacks and the frequency could not be predicted.
Which would be one of the BEST metrics an information security manager can employ to effectively evaluate the results of a security program?
Control objectives are directly related to business objectives; therefore, they would be the best metrics. Number of controls implemented does not have a direct relationship with the results of a security program. Percentage of compliance with the security policy and reduction in the number of security incidents are not as broad as choice B.
Share your comments for ISACA CISM exam with other users:
ques 4 answer should be c ie automatically recover from failure
very very useful page
the exams are giving me an eye opener
3rd so far, need to cover more
aligns with the pecd notes
question 4: b securityadmin is the correct answer. https://docs.snowflake.com/en/user-guide/security-access-control-overview#access-control-framework
kindly please share dumps
it is very useful, thank you
need safe rte dumps
can you upload the cis - cpg dumps
q6 = 1. download odt application 2. create a configuration file (xml) 3. setup.exe /download to download the installation files 4. setup.exe /configure to deploy the application
great material
could you please upload sap c_arsor_2302 questions? it will be very much helpful.
vraag 20c: rsa veilig voor symmtrische cryptografie? antwoord c is toch fout. rsa is voor asymmetrische cryptogafie??
so far good
question 31 has obviously wrong answers. tls and ssl are used to encrypt data at transit, not at rest.
pls provide dump for 1z0-1080-23 planning exams
could you please upload the exam?
please upload this
good material
lets see if this is good stuff...
useful information
intéressant
thank you for making the interactive questions
questions are accurate
i need questions/dumps for this exam.
i need this exam, when will it be uploaded
i need the dumps !
very helpful
good source
my 3rd test and passed on first try. hats off to this brain dumps site.
please upload it
does anybody know if are these real exam questions?
are these questions similar to actual questions in the exam? because they seem to be too easy