Quiz CISM

Quiz CISM, Certified Information Security Manager

Which of (lie following would be the MOST relevant factor when defining the information classification policy?

To determine the selection of controls required to meet business objectives, an information security manager should:

The MOST appropriate owner of customer data stored in a central database, used only by an organization’s sales department, would be the:

In assessing the degree to which an organization may be affected by new privacy legislation, information security management should FIRST:

Risk assessment is MOST effective when performed:

Which of the following is the MAIN reason for performing risk assessment on a continuous basis’?

Which of the following should be carried out FIRST to mitigate the risk during this time period?

Which of the following security activities should be implemented in the change management process to identify key vulnerabilities introduced by changes?

Which of the following techniques MOST clearly indicates whether specific risk-reduction controls should be implemented?

This is an example of: