Certified Information Security Manager - Chapter 3 Questions and Answers (100% Correct)
©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM

3.0 INTRODUCTION
What is the purpose of the information security program?
Answer: The purpose of the infosec prg is to execute the strategy and achieve the org objectives for acceptable levels of risk and business disruption.

3.0 INTRODUCTION
What is the road map based on? What is done to create it (high level)?
Answer: Roadmap is made based on strategy. Set high-level objectives or goals and desired outcomes with a plan to achieve.

3.0 INTRODUCTION
What is in a roadmap? What is it used for?
Answer: Roadmaps are a plan that has detailed steps to achieve goals/obj in strategy. The plans include activities required to manage, maintain, and improve cost-effectiveness of the prg.

3.0 INTRODUCTION
For management to be effective, this needs to be done _________________.
Answer: For management to be effective, good metrics and monitoring need to be done.

3.0 INTRODUCTION
For management to be effective, what else must be monitored, in addition to metrics at the operational, tactical, and strategic levels?
Answer: For management to be effective, what else needs to be monitored in addition to metrics at the operational, tactical, and strategic levels?
1. Essential controls
2. Key risk indicators to warn of change risk
3. Internal and external environments
4. Compliance with policies and standards

3.0 INTRODUCTION
What are the main levels in which metrics must be monitored?
Answer: Metrics must be monitored at the operational, tactical, and strategic levels.

3.1 INFORMATION SECURITY MGMT OVERVIEW
What does infosec prg include?
Answer: Infosec prgm encompasses all activities and resources that provide infosec services to an org. These primarily include
1. Design
2. Development
3. Integration of enterprise-wide controls related to infosec
4. Ongoing administration and mgmt of ctrls

3.1 INFORMATION SECURITY MGMT OVERVIEW
What skills will ISM need to gain expertise in?
Answer: ISMs will need to gain skills in
1. Budgeting
2. Planning
3. Business case development
4. Recruiting
5. Other personnel related functions

3.1 INFORMATION SECURITY MGMT OVERVIEW
What are the three essential elements to a program?
Answer: Design, implementation, and management
1. Prg must be executed in close alignment with infosec strategy. Must meet supporting org objectives
2. Prg must be designed with support from mgmt and stakeholders
3. Metrics must be developed for prg design, implementation, and ongoing prg mgmt phases to determine if prg is doing well.

3.1 INFORMATION SECURITY MGMT OVERVIEW

Written for
- Institution: CISM
- Course: CISM

Document information
- Uploaded on: August 16, 2024
- Number of pages: 79
- Written in: 2024/2025
- Type: Exam (elaborations)
- Contains: Questions & answers
- Subjects: certified information security manager chapter 3