Instant Access ISACA.CISM.v2024-03-13.q421 Actual Practice Test Engine for Free (Page 16)

Question 71

An organization with a maturing incident response program conducts post-incident reviews for all major information security incidents. The PRIMARY goal of these reviews should be to:

A.identify security program gaps or systemic weaknesses that need correction.
B.identify who should be held accountable for the security incidents.
C.document and report the root cause of the incidents for senior management.
D.prepare properly vetted notifications regarding the incidents to external parties.

Question 72

The chief information security officer (CISO) should ideally have a direct reporting relationship to the:

A.head of internal audit.
B.chief operations officer (COO).
C.chief technology officer (CTO).
D.legal counsel.

Question 73

Which of the following is the MOST effective approach of delivering security incident response training?

A.Perform role-playing exercises to simulate real-world incident response scenarios.
B.Include incident response training within new staff orientation.
C.Engage external consultants to present real-world examples within the industry.
D.Provide on-the-job training and mentoring for the incident response team.

Question 74

Senior management has launched an enterprise-wide initiative to streaming internal processes to reduce costs, including security processes. What should the information security manager rely on MOST
to allocate resources efficiently?

A.Risk classification
B.Capability maturity assessment
C.Internal audit reports
D.Return on investment (ROI)

Question 75

To effectively manage an organization's information security risk, it is MOST important to:

A.establish and communicate risk tolerance.
B.benchmark risk scenarios against peer organizations.
C.periodically identify and correct new systems vulnerabilities.
D.assign risk management responsibility to end users.

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File