Online Access Free CISM Exam Questions

Which of the following is the responsibility of a risk owner?

• A.Evaluating control effectiveness
• B.Approving the selection of risk mitigation measures
• C.Approving risk treatment plans
• D.Implementing risk treatment plan activities with control owners

Embedding security responsibilities into job descriptions is important PRIMARILY because it:

• A.strengthens employee accountability.
• B.simplifies development of the security awareness program.
• C.aligns security to the human resources (HR) function.
• D.supports access management.

Which of the following is MOST helpful in determining whether a phishing email is malicious?

• A.Security awareness training
• B.Reverse engineering
• C.Threat intelligence
• D.Sandboxing

To ensure the information security of outsourced IT services, which of the following is the MOST critical due diligence activity?

• A.Request the service provider comply with information security policy.
• B.Review a recent independent audit report of the service provider.
• C.Review samples of service level reports from the service provider.
• D.Assess the level of security awareness of the service provider.

Which of the following should be an information security manager's FIRST course of action when one of the organization's critical third-party providers experiences a data breach?

• A.Inform customers of the breach.
• B.Monitor the third party's response.
• C.Invoke the incident response plan.
• D.Inform the public relations officer.