Study tips CISM

The MOST appropriate owner of customer data stored in a central database, used only by an organization’s sales department, would be the:

To determine the selection of controls required to meet business objectives, an information security manager should:

Which of the following would be the MOST relevant factor when defining the information classification policy?

The PRIMARY reason for initiating a policy exception process is when:

When a significant security breach occurs, what should be reported FIRST to senior management?

The information security manager should recommend to business management that the risk be:

Who is responsible for ensuring that information is classified?

What does a network vulnerability assessment intend to identify?

One way to determine control effectiveness is by determining:

Which of the following would be MOST relevant to include in a cost-benefit analysis of a two-factor authentication system?