CISM (Certified Information Security Manager) – Quiz with 100% Correct Answers
Characteristics of a good information security risk management plan - Answer✔️✔️-
1. Should be linked to business objectives
2. Should incorporate existing risk management practices
Steps that an IS manager should follow to plan a risk management program? -
Answer✔️✔️-1. Establish program context and purpose
2. Develop a program scope statement and charter
3. Identify and classify information assets and determine asset owners
4. Define what the risk management plan will achieve for the organization
5. Determine the methodology to be used
6. Establish a program implementation team with people from key departments
Risk Management Plan - Establishing program context and purpose - Answer✔️✔️-
This is the first step in risk management planning. It includes defining the purpose of the
program, setting objectives and outcomes for the program, and determining what
the acceptable levels of risk are for the organization. developing a program scope
statement and charter is ranked
1
©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10:57 AM
Risk Management Plan - Developing a program scope statement and charter -
Answer✔️✔️-This is the second step in risk management program planning. In this
step, you create a scope statement that defines the risk management responsibilities
of each department in the organization, the specific actions each member of a
department must take, and the scope of authority that rests with the information
security manager and other risk management roles.
Risk Management Plan - Identify and classify information assets and determine
asset owners - Answer✔️✔️-This is the third step in risk management program
planning. All information assets are identified and classified to ensure they are
easily identifiable and classified. Owners are identified and assigned so that
someone is accountable for each asset.
Risk Management Plan - Define what the risk management plan will achieve for
the organization - Answer✔️✔️-This is the fourth step in risk management program
planning. Here, the objectives for the risk management program are set based on
the risk analysis.
Risk Management Plan - Determining the methodology to be used - Answer✔️✔️-
This is the fifth step in risk management program planning. In this step, you
determine what methods you'll use to manage the risks you've identified and
prioritized. This involves assessing the effectiveness of the methods currently in
use and identifying and evaluating alternative methods.
Establish a program implementation team with people from key departments -
Answer✔️✔️-This is the sixth step in risk management program planning. A team is
established with people from all departments. This helps in aligning the program to
every activity that the organization performs.
IR Management Program Roles - Answer✔️✔️-1. Governing board and senior
management
2. Chief information officer
3. System and information owners
4. Business and functional managers
Governing board and senior management - Answer✔️✔️-Incorporate the results of
risk analysis into business decisions. This helps to minimize the impact of similar
risks in the future.
Chief information officer - Answer✔️✔️-Ensures that the actual performance of all
IT systems matches the expected performance, ensuring information security.