ISACA - CISM

 

 

Question ID 16812

An information security manager must understand the relationship between information
security and business operations in order to:

Option A

support organizational objectives.

Option B

determine likely areas of noncompliance.

Option C

assess the possible impacts of compromise.

Option D

understand the threats to the business.

Correct Answer: A

Explanation: Security exists to provide a level of predictability for operations, support for the activities of the organization and to ensure preservation of the organization. Business operations must be the driver for security activities in order to set meaningful objectives, determine and manage the risks to those activities, and provide a basis to measure the effectiveness of and provide guidance to the security program. Regulatory compliance may or may not be an organizational requirement. If compliance is a requirement, some level of compliance must be supported but compliance is only one aspect. It is necessary to understand the business goals in order to assess potential impacts and evaluate threats. These are some of the ways in which security supports organizational objectives, but they are not the only ways.

Update Date and Time: 2017-12-29 04:36:18

 

Question ID 16813

Which of the following should be the FIRST step in developing an information security
plan?

Option A

Perform a technical vulnerabilities assessment

Option B

Analyze the current business strategy

Option C

Perform a business impact analysis

Option D

Assess the current levels of security awareness

Correct Answer: B

Explanation: Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.

Update Date and Time: 2017-12-29 04:37:12

 

 

 
