Home > Information Security > Quizzes > CISM: Certified Information Security Manager
CISM: Certified Information Security Manager
Fast practice, instant feedback. Timer auto-submits when time’s up.
Avg score: 45% Most missed: “A repository of historical data organized by subject to support decision makers …”
CISM: Certified Information Security Manager
Time left 00:00
25 Questions

1. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidence and assists in the selection of countermeasures - but not in the prioritization.

2. Helps to define the minimum acceptable security that will be implemented to protect the information resources in accordance with the respective criticality levels.

3. Uses security metrics to measure the performance of the information security program.

4. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.

5. Cannot be minimized

6. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.

7. Used to understand the flow of one process into another.

8. A function of the session keys distributed by the PKI.

9. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.

10. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.

11. A repository of historical data organized by subject to support decision makers in the org

12. Oversees the overall classification management of the information.

13. There is a time lag between the time when a security vulnerability is first published - and the time when a patch is delivered. - The best protection is to _____________________ until a patch is installed.

14. It is important to achieve ____________________ - and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization.

15. Information security governance models are highly dependent on the _____________________.

16. Any event or action that could cause a loss of or damage to computer hardware - software - data - information - or processing capability

17. A trusted third party that attests to the identity of the signatory - and reliance will be a function of the level of trust afforded the CA.

18. Someone who uses email as a vehicle for extortion; send company threatening emails indicating they will expose confidential information - exploit security launch - etc.

19. Focuses on identifying vulnerabilities.

20. A Successful risk management should lead to a ________________.

21. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.

22. Only valid if assets have first been identified and appropriately valued.

23. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.

24. Involves the correction of software weaknesses and would necessarily follow change management procedures.

25. Are expensive - so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.