
CISM: Certified Information Security Manager

1. In assessing the degree to which an organization may be affected by new privacy legislation, information security management should first _____________________.
2. Responsible for securing the information.
3. Potentially damaging computer program that affects, or infects, a computer negatively by altering the way the computer works.
4. Awareness training would most likely result in any attempted ____________ being challenged by the authorized employee.
5. Lists only the vulnerabilities inherent in the information asset that can attract threats. It does not consider the value of the asset and the impact of perceived threats on the value.
6. An organization without any formal information security program should start with _______________________ because the implementation should be based on those security requirements.
7. Adherence to local regulations must always be the priority. _______________________ is the most effective compromise in this situation.
8. A key indicator of performance measurement.
9. Most effective in protecting classified data that have been encrypted to prevent disclosure and transmission outside the organization's network.
10. A small warehouse, designed for the end-user needs in a strategic business unit.
11. New security vulnerabilities should be managed through a ________________.
12. Provide minimum recommended settings and do not prevent introduction of control weaknesses.
13. Company or person you believe will not send a virus-infected file knowingly.
14. Should be performed to identify the risk and determine needed controls.
15. Has to be integrated into the requirements of every software application's design.
16. Will associate data access with the role performed by an individual, thus restricting access to data required to perform the individual's tasks.
17. Will prevent unauthorized access to the laptop even when the laptop is lost or stolen.
18. Most effective for evaluating the degree to which information security objectives are being met.
19. The risk that remains after putting into place an effective risk management program; therefore, acceptable risk is achieved when this amount is minimized.
20. A risk assessment should be conducted _________________.
21. Obtaining senior management support for establishing a warm site can BEST be accomplished by ____________________, including a cost-benefit analysis, will be most persuasive to management. A risk assessment may be included in the business case, but
22. Warranted in circumstances where compliance may be difficult or impossible and the risk of noncompliance is outweighed by the benefits.
23. Accesses a computer or network illegally.
24. A repository of historical data organized by subject to support decision makers in the organization.
25. Whenever personal data are transferred across national boundaries, ________________________ are required.
26. Uses security metrics to measure the performance of the information security program.
27. Also required to guarantee fulfillment of laws and regulations of the organization and, therefore, the information security manager will be obligated to comply with the law.
28. Information security architecture should always be _______________________. Alignment with IT plans or industry and security best practices is secondary by comparison.
29. The PRIMARY goal in developing an information security strategy is to _________________________.
30. The job of the information security officer on a management team is to ___________________.
31. To improve the security governance framework and achieve a higher level of maturity, _____________________ is most important.
32. Without _____________________, there cannot be accountability.
33. In biometric systems where the possibility of false rejects is a problem, it may be necessary to reduce sensitivity and thereby increase the number of false accepts.
34. _______________ of the organization have the responsibility of ensuring information systems security; this can include indirect personnel such as physical security personnel.
35. The MOST important element of an information security strategy.
36. Are expensive, so they have to be used in areas where the risk is at its greatest level. These areas are the ones with high impact and high frequency of occurrence.
37. Has full responsibility over data.
38. There is a time lag between the time when a security vulnerability is first published and the time when a patch is delivered. The best protection is to _____________________ until a patch is installed.
39. Because past performance is a strong predictor of future performance, _______________________ best prevents attacks from originating within an organization.
40. It is more efficient to establish a ___________________ for locations that must meet specific requirements.
41. The security manager would be most concerned with whether _____________________ than the cost of adding additional controls.
42. Should be determined from the risk assessment results.
43. May show the performance result of the security-related activities; however, the result is interpreted in terms of money and extends to multiple facets of security initiatives.
44. A trusted third party that attests to the identity of the signatory, and reliance will be a function of the level of trust afforded the CA.
45. Used to understand the flow of one process into another.
46. Security design flaws require a ____________________.
47. BEST option to improve accountability for a system administrator is to _____________________.
48. Change management controls the _____________________. This is often the point at which a weakness will be introduced.
49. The _____________________ should be the person with the decision-making power in the department deriving the most benefit from the asset.
50. Attackers who exploit flawed ___________________________________ can sniff network traffic and crack keys to gain unauthorized access to information.