
CISM Domain 3
Authored by John Lee
Professional Development
10 questions
1.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Which element is the least probable to be included in the charter of an information security program?
Project Schedule
Roles and Responsibilities
Governance Structure
Statement of Scope
2.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
In an enterprise's information security program, which factor MOST helps in integrating IT risk with other enterprise risks to achieve comprehensive risk awareness?
Reporting structure
Third Party Risk management
Physical and Information Architecture
Development of effective metrics
3.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
An organization has outsourced most of its business applications to service providers. The various departments maintain separate lists of their service providers. Management is concerned that this may lead to duplication and overlapping services. What is the FIRST step to take?
Develop a policy that requires all contracts with service providers to be reviewed by the legal department
Create a master list of all the service providers used
Require the procurement department to review all service contracts
Implement a technical control to discover what other third party services are in use
4.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
Which of the documents below applies to the statement "Passwords should be at least 10 characters long and should contain at least 1 upper case letter, lower case letters, at least 1 number and 1 special character with no consecutive repeating letters and numbers"?
Procedure
Guideline
Policy
Standard
5.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
What is the purpose of tailoring security awareness content for different audiences?
To increase the outreach to different audiences
To cater to the different learning styles of the groups of employees
To have varied messages so that they generate interest
To maximise the effort of content creation
6.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
The organization is embarking on an acquisition of a company. The CISO and the CRO would like to have an IS risk assessment before the deal is finalised. What is the reason?
To understand the cyber risk posture of the target company so that the organization is more prepared to deal with it
To discover compliance risks of the company
To know the cyber risks that may impact the valuation of the company
The CRO would like to know the risks before the company is acquired as he is in charge of all Enterprise Risks
7.
MULTIPLE CHOICE QUESTION
30 sec • 1 pt
The metric "Adverse Impact in Trend Analysis" (AITA) measures the trend in adverse impacts resulting from information security incidents over time. It evaluates the effectiveness of a risk management program in reducing the frequency and impact of incidents to an acceptable level. The metric provides a quantitative analysis of impacts in financial terms, offering insights into the success of the security program in meeting defined objectives and maintaining risk at acceptable levels.
A positive trend suggests an increase in adverse impacts demonstrating the success of the risk management efforts
If there is no increase or decrease in the trend over time, it means that there is no risk.
A negative trend is a reduction in adverse impact signalling an improvement in risk management
Both positive and negative trending allows for adjustment of the risk management program to align with organization objectives