Test your basic knowledge

CISM: Certified Information Security Manager

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Same intent as a cracker but does not have the technical skills and knowledge






2. The most critical process for deciding which part of the information system/business process should be given prioritization in case of a security incident. It provides results such as the impact from a security incident and the required response times.






3. The first step in a risk analysis process to determine the impact to the organization - which is the ultimate goal.






4. Can be used to detect an external attack but would not help in authenticating a user attempting to connect.






5. The MOST useful way to describe the objectives in the information security strategy is through ______________________.



6. The information security manager needs to prioritize the controls based on ________________________.






7. Culture has a significant impact on how information security will be implemented in a ______________________.






8. Scam in which a perpetrator sends an official looking email message that attempts to obtain your personal and financial information






9. Reducing risk to a level too small to measure is _______________.






10. Lists only the threats that the information asset is exposed to. It does not consider the value of the asset and impact of the threat on the value.






11. In assessing the degree to which an organization may be affected by new privacy legislation - information security management should first _____________________.






12. Change management controls the _____________________. This is often the point at which a weakness will be introduced.






13. Legal document to be signed by all employees - suppliers etc before they 'touch' the organization - to protect the organization's intellectual property.






14. Program that copies itself repeatedly - using up resources and possibly shutting down the computer or network






15. The PRIMARY goal in developing an information security strategy is to: _________________________.






16. In a _________________________ - the annual cost of safeguards is compared with the expected cost of loss. This can then be used to justify a specific control measure.






17. Identification and _______________ of business risk enables project managers to address areas with most significance.






18. Applications cannot access data associated with other apps






19. The MOST important element of the request for proposal (RFP) to assess the maturity level of the organization's information security management is _______________________.






20. The MOST effective approach to address issues that arise between IT management - business units and security management when implementing a new security strategy is for the information security manager to ____________________ with any security recomm






21. Ultimately responsible for all that happens in the organization. The others are not individually liable for failures of security in the organization.






22. _________________________ will allow the information security manager to prioritize the remedial measures and provide a means to convey a sense of urgency to management.






23. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.






24. The risk that controls may not prevent/detect an incident with a measure of control effectiveness.






25. In biometric systems where the possibility of false rejects is a problem - it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
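Added worked example (not part of the original quiz): the trade-off in question 25 is a threshold setting. Lowering the acceptance threshold (reducing sensitivity) cuts the false reject rate (FRR) but raises the false accept rate (FAR); the point where the two rates meet is the equal error rate (EER). The match scores below are constructed toy data for a hypothetical matcher, not output from any real biometric system.

```python
"""Biometric threshold trade-off: false rejects vs false accepts.

Added illustration for the CISM quiz item on biometric sensitivity.
Scores are constructed toy data on a 0..100 similarity scale
(higher score = stronger match); they come from no real system.
"""

# Constructed sample data: scores a hypothetical matcher produced for
# legitimate users (genuine) and for impostors trying to pass as them.
GENUINE_SCORES = [62, 68, 71, 74, 77, 80, 83, 85, 88, 91]
IMPOSTOR_SCORES = [21, 30, 38, 45, 52, 58, 63, 66, 70, 75]


def false_reject_rate(genuine, threshold):
    """FRR: share of genuine attempts scoring below the acceptance threshold."""
    rejected = sum(1 for s in genuine if s < threshold)
    return rejected / len(genuine)


def false_accept_rate(impostor, threshold):
    """FAR: share of impostor attempts scoring at or above the threshold."""
    accepted = sum(1 for s in impostor if s >= threshold)
    return accepted / len(impostor)


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) for one acceptance threshold."""
    return (false_reject_rate(genuine, threshold),
            false_accept_rate(impostor, threshold))


def equal_error_threshold(genuine, impostor):
    """Integer threshold at which FRR and FAR are closest (the EER point).

    Sweeps every integer threshold from the lowest to one above the highest
    observed score and keeps the first threshold with the smallest gap.
    """
    lo = min(genuine + impostor)
    hi = max(genuine + impostor) + 1
    best_t, best_gap = lo, float("inf")
    for t in range(lo, hi + 1):
        frr, far = error_rates(genuine, impostor, t)
        gap = abs(frr - far)
        if gap < best_gap:
            best_t, best_gap = t, gap
    return best_t


if __name__ == "__main__":
    # A strict (sensitive) setting rejects many genuine users but no impostors.
    strict = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, 80)
    # Reducing sensitivity fixes most false rejects at the cost of false accepts.
    relaxed = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, 65)
    eer_t = equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES)
    print("threshold 80 -> FRR, FAR =", strict)
    print("threshold 65 -> FRR, FAR =", relaxed)
    print("EER threshold =", eer_t, "->", error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, eer_t))
```

With this constructed data, moving the threshold from 80 down to 65 drops FRR from 0.5 to 0.1 while FAR climbs from 0.0 to 0.3; the two rates meet at threshold 69. Which side of the EER an organization should sit on depends on whether usability (false rejects) or unauthorized access (false accepts) is the greater business risk, which is the judgement the quiz item is pointing at.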






26. Risk assessment is a very important process for the ___________________. Risk assessment provides information on the likelihood of occurrence of security incidents and assists in the selection of countermeasures - but not in the prioritization.






27. __________________________ is of utmost importance. Understanding business objectives is critical in determining the security needs of the organization.






28. Accesses a computer or network illegally






29. The job of the information security officer on a management team is to ___________________.






30. Oversees the overall classification management of the information.






31. Logging as well as monitoring - measuring - auditing - detecting viruses and intrusion.






32. Normally addressed through antivirus and antispyware policies.






33. The best indicator of the level of compliance with the service level agreement (SLA) data confidentiality clauses.






34. The MOST important element of an information security strategy.






35. Provides process needs but not impact.






36. Security design flaws require a ____________________.






37. Needs to define the access rules - which is troublesome and error prone in large organizations.






38. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.






39. Risk should be reduced to a level that an organization _____________.






40. The primary role of the information security manager in the process of information classification within the organization.






41. Most effective for evaluating the degree to which information security objectives are being met.






42. By definition are not previously known and therefore are undetectable.






43. Requires a process to verify that the control process worked as intended. Examples such as dual-control or dual-entry bookkeeping provide verification and assurance that the process operated as intended.






44. The most fundamental evaluation criteria for the appropriate selection of any security technology is ________________________.






45. Has full responsibility over data.






46. New security vulnerabilities should be managed through a ________________.






47. Provides strong online authentication.






48. Should be a standard requirement for the service provider.






49. Also required to guarantee fulfillment of the laws and regulations applicable to the organization; therefore - the information security manager will be obligated to comply with the law.






50. May show the performance result of the security related activities; however - the result is interpreted in terms of money and extends to multiple facets of security initiatives.