CA Foundation Business Economics Questions 2023 - Part 32
Fri, 03 Mar 2023
Inspirational journeys
Follow the stories of academics and their research expeditions
CISM—Certified Information Security Manager - Part 6
1. Which of the following are seldom changed in response to technological changes?
A) Standards
B) Procedures
C) Policies
D) Guidelines
2. The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
A) storage capacity and shelf life.
B) regulatory and legal requirements.
C) business strategy and direction.
D) application systems and media.
3. Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
A) More uniformity in quality of service
B) Better adherence to policies
C) Better alignment to business unit needs
D) More savings in total operating costs
4. Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
A) Chief security officer (CSO)
B) Chief operating officer (COO)
C) Chief privacy officer (CPO)
D) Chief legal counsel (CLC)
5. Which of the following would be the MOST important goal of an information security governance program?
A) Review of internal control mechanisms
B) Effective involvement in business decision making
C) Total elimination of risk factors
D) Ensuring trust in data
A) Standards
B) Procedures
C) Policies
D) Guidelines
2. The MOST important factor in planning for the long-term retention of electronically stored business records is to take into account potential changes in:
A) storage capacity and shelf life.
B) regulatory and legal requirements.
C) business strategy and direction.
D) application systems and media.
3. Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
A) More uniformity in quality of service
B) Better adherence to policies
C) Better alignment to business unit needs
D) More savings in total operating costs
4. Which of the following is the MOST appropriate position to sponsor the design and implementation of a new security infrastructure in a large global enterprise?
A) Chief security officer (CSO)
B) Chief operating officer (COO)
C) Chief privacy officer (CPO)
D) Chief legal counsel (CLC)
5. Which of the following would be the MOST important goal of an information security governance program?
A) Review of internal control mechanisms
B) Effective involvement in business decision making
C) Total elimination of risk factors
D) Ensuring trust in data
1. Right Answer: C
Explanation: Policies are high-level statements of objectives. Because of their high-level nature and statement of broad operating principles, they are less subject to periodic change. Security standards and procedures as well as guidelines must be revised and updated based on the impact of technology changes.
2. Right Answer: D
Explanation: Long-term retention of business records may be severely impacted by changes in application systems and media. For example, data stored in nonstandard formats that can only be read and interpreted by previously decommissioned applications may be difficult, if not impossible, to recover. Business strategy and direction do not generally apply, nor do legal and regulatory requirements. Storage capacity and shelf life are important but secondary issues.
3. Right Answer: C
Explanation: Decentralization of information security management generally results in better alignment to business unit needs. It is generally more expensive to administer due to the lack of economies of scale. Uniformity in quality of service tends to vary from unit to unit.
4. Right Answer: B
Explanation: The chief operating officer (COO) is most knowledgeable of business operations and objectives. The chief privacy officer (CPO) and the chief legal counsel (CLC) may not have the knowledge of the day- to-day business operations to ensure proper guidance, although they have the same influence within the organization as the COO. Although the chief security officer (CSO) is knowledgeable of what is needed, the sponsor for this task should be someone with far-reaching influence across the organization.
5. Right Answer: D
Explanation: The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance. Review of internal control mechanisms relates more to auditing, while the total elimination of risk factors is not practical or possible. Proactive involvement in business decision making implies that security needs dictate business needs when, in fact, just the opposite is true. Involvement in decision making is important only to ensure business data integrity so that data can be trusted.
Explanation: Policies are high-level statements of objectives. Because of their high-level nature and statement of broad operating principles, they are less subject to periodic change. Security standards and procedures as well as guidelines must be revised and updated based on the impact of technology changes.
2. Right Answer: D
Explanation: Long-term retention of business records may be severely impacted by changes in application systems and media. For example, data stored in nonstandard formats that can only be read and interpreted by previously decommissioned applications may be difficult, if not impossible, to recover. Business strategy and direction do not generally apply, nor do legal and regulatory requirements. Storage capacity and shelf life are important but secondary issues.
3. Right Answer: C
Explanation: Decentralization of information security management generally results in better alignment to business unit needs. It is generally more expensive to administer due to the lack of economies of scale. Uniformity in quality of service tends to vary from unit to unit.
4. Right Answer: B
Explanation: The chief operating officer (COO) is most knowledgeable of business operations and objectives. The chief privacy officer (CPO) and the chief legal counsel (CLC) may not have the knowledge of the day- to-day business operations to ensure proper guidance, although they have the same influence within the organization as the COO. Although the chief security officer (CSO) is knowledgeable of what is needed, the sponsor for this task should be someone with far-reaching influence across the organization.
5. Right Answer: D
Explanation: The development of trust in the integrity of information among stakeholders should be the primary goal of information security governance. Review of internal control mechanisms relates more to auditing, while the total elimination of risk factors is not practical or possible. Proactive involvement in business decision making implies that security needs dictate business needs when, in fact, just the opposite is true. Involvement in decision making is important only to ensure business data integrity so that data can be trusted.
Tags:
it certification certified it it exams isaca certification isaca cgeit isaca cisa isaca cism isaca cobit 5 isaca crisc isaca questions practice exams pratice quests risc maangement it management it questions isaca answers isaca practice isaca dumps isaca test test questions questins and answer explanation0 Comments
Categories
Recent posts
CA Foundation Business Economics Questions 2023 - Part 31
Fri, 03 Mar 2023
CA Foundation Business Economics Questions 2023 - Part 30
Fri, 03 Mar 2023
Leave a comment