CISM - Information Security Governance, Strategy, Objectives & Metrics Exam with complete solution; Latest 2022
B is the correct answer.
Justification
The task of identifying business risk that affects the organiz
...
CISM - Information Security Governance, Strategy, Objectives & Metrics Exam with complete solution; Latest 2022
B is the correct answer.
Justification
The task of identifying business risk that affects the organization is assigned and acted on after establishing the need for creating the program.
In developing an information security management program, the first step is to establish the need for creating the program. This is a business decision based more on judgment than on any specific quantitative measures. The other choices are assigned and acted on after establishing the need.
The task of assigning responsibility for the program is assigned and acted on after establishing the need for creating the program.
The task of assessing the adequacy of existing controls is assigned and acted on after establishing the need for creating the program. - The FIRST step in developing an information security management program is to:
identify business risk that affects the organization.
establish the need for creating the program.
assign responsibility for the program.
assess adequacy of existing controls.
B is the correct answer.
Justification
Centralized information security management is generally less expensive to administer due to the economies of scale.
Centralization of information security management results in greater uniformity and better adherence to security policies.
With centralized information security management, information security is typically less responsive to specific business unit needs.
With centralized information security management, turnaround can be slower due to greater separation and more bureaucracy between the information security department and end users. - Which of the following is characteristic of centralized information security management?
More expensive to administer
Better adherence to policies
More aligned with business unit needs
Faster turnaround of requests
C is the correct answer.
Justification
Uniformity in quality of service tends to vary from unit to unit.
Adherence to policies is likely to vary considerably between various business units.
Decentralization of information security management generally results in better alignment to business unit needs because security management is closer to the end user.
Decentralization of information security management is generally more expensive to administer due to the lack of economies of scale. - Which of the following is characteristic of decentralized information security management across a geographically dispersed organization?
More uniformity in quality of service
Better adherence to policies
Better alignment to business unit needs
More savings in total operating costs
C is the correct answer.
Justification
The number of employees has little or no effect on standard information security governance models.
The distance between physical locations has little or no effect on standard information security governance models.
Information security governance models are highly dependent on the overall organizational structure. Some of the elements that impact organizational structure are multiple missions and functions across the organization, leadership and lines of communication.
Organizational budget may have some impact on suitable governance models depending on the one chosen because some models will be more costly to implement. - What will have the HIGHEST impact on standard information security governance models?
[Show More]
