Questions & Answers (Grade A+)
The MOST important characteristic of good security policies is that they:
A. state expectations of IT management.
B. state only one general security mandate.
C. are aligned with organizational goals.
D. govern the creation of procedures and guidelines.

Answer: C is the correct answer.

Justification:
A. Stating expectations of IT management omits addressing overall organizational goals and objectives.
B. Stating only one general security mandate is the next best option because policies should be clear; otherwise, policies may be confusing and difficult to understand and enforce.
C. The most important characteristic of good security policies is that they are aligned with organizational goals. Failure to align policies and goals makes them ineffective and potentially misleading in governing the creation of standards and procedures.
D. Policies govern the creation of standards, which in turn govern the development of procedures.

The corporate information security policy should:
A. address corporate network vulnerabilities.
B. address the process for communicating a violation.
C. be straightforward and easy to understand.
D. be customized to specific target audiences.

Answer: C is the correct answer.

Justification:
A. Information security policies are high level and do not address network vulnerabilities directly.
B. Information security policies are high level and do not address the process for communicating a violation.
C. As high-level statements, information security policies should be straightforward and easy to understand.
D. As policies, information security policies should provide a uniform message to all groups and user roles.

To achieve effective strategic alignment of information security initiatives, it is important that:
A. steering committee leadership rotates among members.
B. major organizational units provide input and reach a consensus.
C. the business strategy is updated periodically.
D. procedures and standards are approved by all departmental heads.

Answer: B is the correct answer.

Justification:
A. Rotation of steering committee leadership does not help in achieving strategic alignment.
B. It is important to achieve consensus on risk and controls and obtain inputs from various organizational entities because security needs to be aligned with the needs of the various parts of the organization.
C. Updating business strategy does not lead to strategic alignment of security initiatives.
D. Procedures and standards do not need to be approved by ALL departmental heads.

Which of the following challenges associated with information security documentation is MOST likely to affect a large, established organization?