CISM Domain 2 Tests: Questions and Answers 2022
An information security manager performing a security review determines that compliance with access control policies to the data center is inconsistent across employees. The FIRST step to address this issue should be to: - Answer - assess the risk of noncompliance.

The information security manager should treat regulatory compliance requirements as: - Answer - just another risk.

Management decided that the organization will not achieve compliance with a recently issued set of regulations. Which of the following is the MOST likely reason for the decision? - Answer - the cost of compliance exceeds the cost of possible sanctions.

The value of information assets is BEST determined by: - Answer - individual business managers

It is important to classify and determine relative sensitivity of assets to ensure that: - Answer - countermeasures are proportional to risk.

When performing an information risk analysis, an information security manager should FIRST: - Answer - take an asset inventory.

The PRIMARY benefit of performing an information asset classification is to: - Answer - identify controls commensurate to risk.

Which program element should be implemented FIRST in asset classification and control? - Answer - valuation

When performing
Written for
- Institution
- CISM domain 2
- Course
- CISM domain 2
Document information
- Uploaded on
- September 5, 2022
- Number of pages
- 7
- Written in
- 2022/2023
- Type
- Exam (elaborations)
- Contains
- Questions & answers