This preview shows page 309 - 314 out of 886 pages.

Isaca CISM Exam "Pass Any Exam. Any Time."

A. perform a business impact analysis.
B. determine daily downtime cost.
C. analyze cost metrics.
D. conduct a risk assessment.
Answer: A
Explanation:

QUESTION NO: 535
In a large organization, defining recovery time objectives (RTOs) is PRIMARILY the responsibility of:
A. the IT manager.
B. the information security manager.
C. the business unit manager.
D. senior manager.
Answer: D
Explanation:

QUESTION NO: 536
Which metric is the BEST indicator that an update to an organization’s information security awareness strategy is effective?
A. A decrease in the number of incidents reported by staff
B. A decrease in the number of email viruses detected
C. An increase in the number of email viruses detected
D. An increase in the number of incidents reported by staff
Answer: A
Explanation:

QUESTION NO: 537
An organization involved in e-commerce activities operating from its home country opened a new office in another country with stringent security laws. In this scenario, the overall security strategy should be based on:
A. risk assessment results.
B. international security standards.
C. the most stringent requirements.
D. the security organization structure.
Answer: D
Explanation:

QUESTION NO: 538
Which of the following is the PRIMARY reason to conduct periodic business impact assessments?
A. Improve the results of last business impact assessment
B. Update recovery objectives based on new risks
C. Decrease the recovery times
D. Meet the needs of the business continuity policy
Answer: B
Explanation:

QUESTION NO: 539
Which of the following is the BEST approach to make strategic information security decisions?
A. Establish an information security steering committee.
B. Establish periodic senior management meetings.
C. Establish regular information security status reporting.
D. Establish business unit security working groups.
Answer: D
Explanation:

QUESTION NO: 540
Which of the following would be the MOST important information to include in a business case for an information security project in a highly regulated industry?
A. Compliance risk assessment
B. Critical audit findings
C. Industry comparison analysis
D. Number of reported security incidents
Answer: A
Explanation:

QUESTION NO: 541
Which of the following should be of MOST concern to an information security manager reviewing an organization’s data classification program?
A. The program allows exceptions to be granted.
B. Labeling is not consistent throughout the organization.
C. Data retention requirements are not defined.
D. The classifications do not follow industry best practices.
Answer: B
Explanation:

QUESTION NO: 542
Which of the following would the BEST demonstrate the added value of an information security program?