The chief information security officer (CISO) should ideally have a direct reporting relationship to the:
Answer(s): B
The chief information security officer (CISO) should ideally report to as high a level within the organization as possible. Among the choices given, the chief operations officer (COO) would have not only the appropriate level but also the knowledge of day-to-day operations. The head of internal audit and legal counsel would make good secondary choices, although they would not be as knowledgeable of the operations. Reporting to the chief technology officer (CTO) could become problematic as the CTO's goals for the infrastructure might, at times, run counter to the goals of information security.
Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?
Answer(s): D
Developing a strategy paper on information security would be the most appropriate. Approving access would be the job of the data owner. Updating platform-level security and conducting recovery test exercises would be less essential since these are administrative tasks.
Developing a successful business case for the acquisition of information security software products can BEST be assisted by:
Answer(s): C
Calculating the return on investment (ROI) will most closely align security with the impact on the bottom line. Frequency and cost of incidents are factors that go into determining the impact on the business but, by themselves, are insufficient. Comparing spending against similar organizations can be problematic since similar organizations may have different business goals and appetites for risk.
When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:
Any planning for information security should be properly aligned with the needs of the business. Technology should not come before the needs of the business, nor should planning be done on an artificial timetable that ignores business needs.
Which of the following is the MOST important information to include in a strategic plan for information security?
It is most important to paint a vision for the future and then draw a road map from the stalling point to the desired future state. Staffing, capital investment and the mission all stem from this foundation.
Share your comments for ISACA CISM exam with other users:
good questions
q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
very nice very nice
please help us with 1z0-1107-2 dumps
please upload the practice questions
need this dumps
preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
new to this site but i feel it is good
the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Delayed the exam until December 29th.
A and D are True
good one with explanation
This is one of the most useful study guides I have ever used.