Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

xx. CISM - Exam Guide > 01. Enterprise Governance > Flashcards

01. Enterprise Governance Flashcards

1
Q

Enterprise Governance

“A process whereby senior management exerrts strategic control over business functions through policies, objectives, delegation of authority, and monitoring”

This is a definition of what fucntion

A

GOVERNANCE

33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Enterprise Governance

GOVERNANCE is a process whereby senior management exerts strategic control over business functions through what 4 methods

A
  1. POLICIES
  2. OBJECTIVES
  3. DELEGATION OF AUTHORITY
  4. MONITORING

33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Enterprise Governance

GOVERNANCE provides the management oversight of the business to ensure business processes effectively meet the organisations business ____ and ____

A
  1. VISION
  2. OBJECTIVES

33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Enterprise Governance

  1. Organisations usually establish governance through the use of what body of people
  2. This body of people is usually responsible for seeting what business strategy
A
  1. STEERING COMMITTEE
  2. LONG TERM

  • Organisations usually establish governance through steering committees responsible for setting long term business strategy and making changes ot ensure that busines sprocesses continue to support business stragegy and the oragnisations overall needs

33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Enterprise Governance

“Organisations usually establish governance through steering committees responsible for setting long term business strategy and making changes ot ensure that busines sprocesses continue to support business stragegy and the oragnisations overall needs”

This is accomplished through the development and enforcement of what 4 things

A
  1. POLICIES
  2. STANDARDS
  3. PROCEDURES
  4. REQUIREMENTS

33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Enterprise Governance

Information security governance typically focuses on several key processes which include;

[ ] Personnel Management
[ ] Vendor hardware selection
[ ] Sourcing
[ ] Risk Management
[ ] Certicication and Training
[ ] Configuration Management
[ ] Change Management
[ ] Operating system selection
[ ] Access Management
[ ] Vulnerability Management
[ ] Team resource size
[ ] Incident Management
[ ] BCP

A

[X] Personnel Management
[ ] Vendor hardware selection
[X] Sourcing
[X] Risk Management
[ ] Certicication and Training
[X] Configuration Management
[X] Change Management
[ ] Operating system selection
[X] Access Management
[X] Vulnerability Management
[ ] Team resource size
[X] Incident Management
[X] BCP

33

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Enterprise Governance

Information Security is a BUSINESS or STRATEGIC issue

A

BUSINESS

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Enterprise Governance

The main reason typically cited for an information security business issue is what, in relation to individuals in particular roles

A

LACK OF UNDERSTANDING AND COMMITMENT
(board of directors and snr. exec)

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Enterprise Governance

  1. Many people in a business see information security as what sort of issue
  2. In order to be successful, information security must be considered what sort of issue
A
  1. TECHNOLOGY ISSUE
  2. PEOPLE ISSUE

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Enterprise Governance

How can a business be in a position of reduced risk in relation to people at all levels

A

UNDERSTAND ROLES AND RESPONSIBILITIES

  • When people at each level in the organisation understand the importance and impact of information security, their own roles and responsibilities, the organisation will be in a position of reduced risk

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Enterprise Governance

Information security governance is a set of established activities that helps management understand what 3 things in relation to the organisation

A
  1. STATE OF SECURITY PROGRAM
  2. CURRENT RISKS
  3. DIRECT ACTIVITIES

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Enterprise Governance

A goal of the security program is to contribute towards what in relation to the wider business

A

SECURITY STRATEGY

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Enterprise Governance

in order for a security governance program to succeed, what else should the business have established and in place

A

IT GOVERNANCE PROGRAM

34

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Enterprise Governance

“The desired capabilities or end states are ideally expressed in achievable, measurable terms”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

OBJECTIVES

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Enterprise Governance

“This is a plan to achieve one or more objectivies”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

STRATEGY

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Enterprise Governance

“At a minimum, ____ should directly reflect the mission, objectives, and goals of the overall organisation”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

POLICY

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Enterprise Governance

“These should flow directly from the organisations mission, objectives and goals. Whatever is most important to the organisation should also be essential to information security”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

PRIORITIES

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

Enterprise Governance

“The technologies, protocols, and practices used by IT should align with the organisations needs. On their own, ____ help drive a consistent approac to solving business challenges. A choice of these should facilitate solutions that meet the organisations needs in a cost-effective and secure manner”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

STANDARDS

  • The choice of standards should facilitate solutions that meet the organisations needs in a cost effective and secure manner

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

Enterprise Governance

“Formalised descriptions of repeated business activities include instructions to applicable personnel. Include one or more procedures and definitions of business records and other facts that help workers understand how things are supposed to be done”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

PROCESSES

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

Enterprise Governance

“The are formal descriptions of critical activities to ensure desired outcomes”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

CONTROLS

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

Enterprise Governance

“The organisations IT and security programs and projects should be organised and performed in a consistent manner that reflects business priorities and supports the business”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

PROGRAM & PROJECT MANAGEMENT

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

Enterprise Governance

“____ includes the formal measurement of processes and controls so that management understands and can measure them”

This is the defnition of what artifact or action that forms part of a healthy security governance program

A

METRICS/REPORTING

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Enterprise Governance

Security governance should be practiced in a business in the same way it performs governance in what 2 other areas

A
  1. IT GOVERNANCE
  2. CORPORATE GOVERNANCE

35

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

Enterprise Governance

“Management will ensure that risk assessments are performed to identify risks in information systems and supported processes. Follow up actions will bec arried out to reduce the risk of system failure and compromise”

This is a definition of which activity required to protect the organisation

A

RISK MANAGEMENT

36

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

Enterprise Governance

“Management will ensure that key changes will be made to business processes that will resul tin security improvement”

This is a definition of which activity required to protect the organisation

A

PROCESS IMPROVEMENT

36

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

Enterprise Governance

“Management will put technologies and processes in place to ensure that security events and incidents will be identified as quickly as possible”

This is a definition of which activity required to protect the organisation

A

EVENT IDENTIFICATION

36

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

Enterprise Governance

“Management will put incident response procedures into place to help avoid incidents, reduce impact and probability of incidents, and improve response to incidents to minimise their impact on the organisations”

This is a definition of which activity required to protect the organisation

A

INCIDENT RESPONSE

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

Enterprise Governance

“Management will identify all applicable laws, regulations, and standards and carry out activitiys to confirm that the orgnaisation can attain and maintain compliance”

This is a definition of which activity required to protect the organisation

A

IMPROVED COMPLIANCE

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

Enterprise Governance

“Management will define objectives and allocate resources to develop business continuity and disaster recovery plans”

This is a definition of which activity required to protect the organisation

A

BCP/DR PLANNING

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

Enterprise Governance

“Management will establish processes to measure key security events such as incidents, policy changes and violations, audits, and training”

This is a definition of which activity required to protect the organisation

A

METRICS

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

Enterprise Governance

“The allocation of workforce budget, and other resources to meet security objectives is monitored by management”

This is a definition of which activity required to protect the organisation

A

RESOURCE MANAGEMENT

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

Enterprise Governance

“An effective security governance program will result in better strategic descisions in the IT organisation that keep risks at an acceptably low level”

This is a definition of which activity required to protect the organisation

A

IMPROVED IT GOVERNANCE

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

Enterprise Governance

What are the 2 key results of having an effective security governance program in place

A
  1. INCREASED TRUST
  2. IMPROVED REPUTATION

  1. Customers, suppliers, and partners will trust the organisations to a greater degree when they see that security is managed effectively
  2. The business community, including custoemrs, investors, and regulators, will hold the organisation in higher regard

37

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

Enterprise Governance

To be business aligned, people in the security pgoram should be aware of what 5 charactersitics of the organisations;

[ ] Size and No. of Employees
[ ] Culture
[ ] Asset Value
[ ] Number of assets
[ ] Back up Objective
[ ] Risk Tolerance
[ ] Legal Obligations
[ ] Most importance client
[ ] Market Conditions

A

[ ] Size and No. of Employees
[X] Culture
[X] Asset Value
[ ] Number of assets
[ ] Back up Objective
[X] Risk Tolerance
[X] Legal Obligations
[ ] Most importance client
[X] Market Conditions

38

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

Enterprise Governance

A risk associated with an overzelous security manager who is more risk-averse than the business itself causing groups within the business to bypass corporate IT processes and procure their own solutions

A

SHADOW IT

38

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

Enterprise Governance

Goals and objectives further the organisations mission, helping it to achieve what;

[ ] Attract new customers
[ ] Have a large workforce
[ ] Increase market share
[ ] Increase revenue/profitability
[ ] Grow rapidly

A

[X] Attract new customers
[ ] Have a large workforce
[X] Increase market share
[X] Increase revenue/profitability
[ ] Grow rapidly

38

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

Enterprise Governance

What is the ISACA definition of risk appetite

A

“Level of risk an organisation is willing to accept while purusing its mission, strategy, and objectives before taking action to treat the risk”

39

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

Enterprise Governance

“the term used that describes how people within an organisation treat one another and how they get things done”

This is a definition of what

A

ORGANISATIONAL CULTURE

39

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

Enterprise Governance

The way that an organisations leaders treat each other sets what to the rest of the employees

A

BEHAVIORAL NORMS

39

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

Enterprise Governance

A culture that affects how the organisation deals with risk and how it treats risk over time

A

RISK CULTURE

39

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

Enterprise Governance

A formal policy statement that defines permitted activities and forbidden activities in an organisation

A

ACCEPTABLE USE POLICY
(AUP)

39

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

Enterprise Governance

A policy that sets to regulate the behaviour of professional sand ensure that those professionals maintain a high standard of conduct

A

CODE OF ETHICS
aka code of conduct

40

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

Enterprise Governance

The UK act and year that sets out the prohibition of individuals or organisations bribing foreign government officals

A

UK BRIBERY ACT 2010

40

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

Enterprise Governance

Laws, Regulations, Professional standards and requirements are all examples of INTERNAL or EXTERNAL governance

A

EXTERNAL

40

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

Enterprise Governance

As well as laws, regulations, professional standards and requirements, what else may be a form of external governance imposed on an organisation

A

CONTRACTUAL REQUIREMENTS

41

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

Enterprise Governance

If an organisation has a hierarchical structure in place i.e. specific departments in place to carry out roles and responsibilities, it can be said to have what sort of structure

A

FUNCTIONAL

41

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

Enterprise Governance

All different organisational structures in the business, from lower level work sections to higher level departments and divisions, have “what” in regards to cybersecurity

A

RESPONSIBILITIES

  • Information security is everyones responsibility

42

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

Enterprise Governance

Information security governance is most effective when every person knows what about their role

A

WHAT IS EXPECTED OF THEM

  • Better organisations develop formal roles and responsibilities so that personnel have a clear idea of their part in all matters related to the protection of information systems

42

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

Enterprise Governance

“A description of the expected activities that an employee is obligated to perform as part of their employment”

What is this a definition of in relation to organisational roles

A

ROLE

42

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

Enterprise Governance

“Roles are typically associated with this label, the label being assigned to each person that designates their place in the organisation”

What is this a definition of in relation to organisational roles

A

JOB TITLE

42

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

Enterprise Governance

“A statement of activities that a person is expected to perform”

What is this a definition of in relation to organisational roles

A

RESPONSIBILITIES

43

52
Q

Enterprise Governance

A chart that assigns levels of responsibility to individuals and groups

A

RACI

43

53
Q

Enterprise Governance

“The person or group that performs the actual work or task”

This is a definition of which function in a RACI chart

A

RESPONSIBLE

44

54
Q

Enterprise Governance

“The person who is ultimately answerable for complete, accurate, and timely execution of the work”

This is a definition of which function in a RACI chart

A

ACCOUNTABLE

44

55
Q

Enterprise Governance

“One or more people or groups enagaged with to determine their opinions, experiences, or insight”

This is a definition of which function in a RACI chart

A

CONSULTED

44

56
Q

Enterprise Governance

“One or more people or groups spoken to by those in other roles”

This is a definition of which function in a RACI chart

A

INFORMED

44

57
Q

Enterprise Governance

When assigning roles to individuals and groups in a RACI chart, what 3 specific aspects must be considered

[ ] Age of employee
[ ] Skills/Capabilities
[ ] Segregation of duties
[ ] Conflict of interest
[ ] Resource availability

A

[ ] Age of employee
[X] Skills/Capabilities
[X] Segregation of duties
[X] Conflict of interest
[ ] Resource availability

45

58
Q

Enterprise Governance

A duty that baord of directors have that holds them accountable to shareholders or constituents, and to act in the organisations best interests

A

FIDUCIARY DUTY

45

59
Q

Enterprise Governance

What are 3 reasons that a board member may be selected into the role;

[ ] Gender
[ ] Investor representation
[ ] Age
[ ] Business experience
[ ] Access to resources
[ ] Financially well off

A

[ ] Gender
[X] Investor representation
[ ] Age
[X] Business experience
[X] Access to resources
[ ] Financially well off

45

60
Q

Enterprise Governance

The National Association of Corporate Directors (NACD) has developed 5 principles regarding the importance of information security. Marry up each of the principles in order as listed below

[ ] Boards should have adequate access to cybersecurity expertise, and discussions about cyber risk management should be given regular time on board meeting agendas
[ ] Directors should understand the legal implications of cyber risks
[ ] Board management discussions should include identification and qualification of financial exposure to cyber risks
[ ] Directros should set the expectation that management will establish an enterprise wider cyber risk management framework
[ ] Directors need to understand and approach cybersecurity as a strategic, enterprise risk, not just an IT risk

OPTIONS
Principle 1
Principle 2
Principle 3
Principle 4
Principle 5

A

[3] Boards should have adequate access to cybersecurity expertise, and discussions about cyber risk management should be given regular time on board meeting agendas
[2] Directors should understand the legal implications of cyber risks
[5] Board management discussions should include identification and qualification of financial exposure to cyber risks
[4] Directros should set the expectation that management will establish an enterprise wider cyber risk management framework
[1] Directors need to understand and approach cybersecurity as a strategic, enterprise risk, not just an IT risk

46

61
Q

Enterprise Governance

  1. Develop and operate business-enabling capabilities through the use of information systems is the primary mission of IT or INFOROMATION SECURITY
  2. Develop a program of risk management, security privacy , and compliance is the primary mission of IT or INFOROMATION SECURITY
A
  1. IT
  2. INFORMATION SECURITY

46

62
Q

Enterprise Governance

What are the 3 chief title/roles that typically exist within an organisation within the executive team

A
  1. CHIEF INFORMATION OFFICER (CIO)
  2. CHIEF TECHNICAL OFFICER (CTO)
  3. CHIEF INFORMATION SECURITY OFFICER (CISO)

47

63
Q

Enterprise Governance

What are the 3 key areas that executive management should be involved in;

  1. ____ : Security policies developed by the information security function should be visibility endorsed
  2. ____ : The executive team should not exhibit behaviour suggesting they are “above” security policy
  3. ____ : Responsible for all actions carried out by the personnel who report to them
A
  1. RATIFY CORPORATE SECURITY POLICY
  2. LEAD BY EXAMPLE
  3. ULTIMATE RESPONSIBILITY

47

64
Q

Enterprise Governance

Who or which group is typically responsible for the following;

  1. Risk treatment deliberation and recommendation
  2. Discussion and coordination of IT and security projects
  3. Review of recent risk assessments
  4. Discussion on new laws, regulations, and requirements
  5. Review of recent security incidents
A

STEERING COMMITTEE

47/48

65
Q

Enterprise Governance

A business process and business asset owner is typically someone of a TECHNICAL or NON TECHNICAL background in a SUPPORT or MANAGEMENT role

A
  1. NON TECHNICAL
  2. MANAGEMENT

48

66
Q

Enterprise Governance

The responsibilities of business process and business asset owners includes which 7 functions;

[ ] Access grants
[ ] Access revocation
[ ] Access disposal
[ ] Access reviews
[ ] Configuration
[ ] Editing
[ ] Function definition
[ ] Safety documentation
[ ] Process definition
[ ] Physical location

A

[X] Access grants
[X] Access revocation
[ ] Access disposal
[X] Access reviews
[X] Configuration
[ ] Editing
[X] Function definition
[ ] Safety documentation
[X] Process definition
[X] Physical location

48

67
Q

Enterprise Governance

As a result of asset owners not being involved in the day to day activities related to managing their assets, and other teams acting as proxy to grant and revoke access, what should they do periodically to get a better assessment on their assets

A

PERIODIC REVIEW

49

68
Q

Enterprise Governance

In origanisations that do not have a CISO, this hampers the visibility and importance of information security and often results in information security being what sort of function i.e. concerned with primary defenses such as firewalls, antivirus, and other tools, and excluding strategy level information security.

A

TACTICAL FUNCTION

50

69
Q

Enterprise Governance

Not having a CISO often results in teh absence of a security program and the organisations general lack of priority for and awareness of relevent (i) ____ , (ii) ____ , and (iii) ____

A
  1. RISKS
  2. THREATS
  3. VULNERABILITIES

50

70
Q

Enterprise Governance

A glance at the title of the highest-ranking infromation security position in a large organisation reveals much about the executive managements opinion on information security. The following defines what role as the highest ranking position;

“Information security is tactical and often views as consisting only of antivirus software and firewalls. The role has no visibility into the development of business objectives. EXecutives consider security as unimportant and based on technology only”

A

SECURITY MANAGER

50

71
Q

Enterprise Governance

A glance at the title of the highest-ranking infromation security position in a large organisation reveals much about the executive managements opinion on information security. The following defines what role as the highest ranking position;

“Information security is essential and has moderate decision making capability but little influence on the business. May have little visibility of overall business strategies and little or no access to exectuvei management or the board of directors”

A

SECURITY DIRECTOR

50

72
Q

Enterprise Governance

A glance at the title of the highest-ranking infromation security position in a large organisation reveals much about the executive managements opinion on information security. The following defines what role as the highest ranking position;

“Information security is strategic but does not influence business strategy and objectives. The role has access to exectuvei management and possibility the board of directors”

A

VICE PRESIDENT

50

73
Q

Enterprise Governance

A glance at the title of the highest-ranking infromation security position in a large organisation reveals much about the executive managements opinion on information security. The following defines what role as the highest ranking position;

“Information security is strategic, and business objectives are developed with full consideration for risk. The C-level security person has free access to exectuive management and the board of directors”

A

CISO/CIRO/CRO/CSO/vCISO

50

74
Q

Enterprise Governance

The role of a Chief Privacy Officer (CPO) aka Data Protection Officer (DPO) may be required because the organisation stores vast amounts of data which contains what in relation to individuals

A

PERSONALLY IDENTIFIABLE INFORMATION
(PII)

51

75
Q

Enterprise Governance

“A role that typically includes oversight over policy and organisation functions that come into scope for regulations and standards”

This is a definition of what role

A

CHIEF COMPLIANCE OFFICER
(CPO)

51

76
Q

Enterprise Governance

“responsible for overall information systems architecture in the organisation”

This is the definition of which software development role

A

SOFTWARE ARCHITECT

51

77
Q

Enterprise Governance

“Involved with the design of applications, including changes in applications original design”

This is the definition of which software development role

A

SYSTEMS ANALYST

51

78
Q

Enterprise Governance

“Develops application software, custome interfaces, application customisations etc.”

This is the definition of what software development role

A

SOFTWARE ENGINEER/DEVELOPER

51

79
Q

Enterprise Governance

“Responsible for data architecture and management in large organisations”

This is the definition of what Data Management role

A

DATA MANAGER

52

80
Q

Enterprise Governance

“develops logical and physical designs of data models for applications”

This is the definition of what Data Management role

A

DATA ARCHITECT

52

81
Q

Enterprise Governance

“Develops data models and data analystics for large, complex data sets”

This is the definition of what Data Management role

A

BIG DATA ARCHITECT

52

82
Q

Enterprise Governance

“Builds and maintains databases designed by the database architect and databases that are included as part of purchased applications”

This is the definition of what Data Management role

A

DATABASE ADMINISTRATOR
(DBA)

52

83
Q

Enterprise Governance

“performs tasks that are junior to the DBA, carrying out routine data maintenance and monitoring tasks”

This is the definition of what Data Management role

A

DATABASE ANALYST

52

84
Q

Enterprise Governance

“Applies scientific methods, builds processes, andi mplements systems to extract knowledge or insights from data”

This is the definition of what Data Management role

A

DATA SCIENTEST

52

85
Q

Enterprise Governance

“designs data and voice networks and designs changes and upgrades to networks”

This is the definition of which Network Management role

A

NETWORK ARCHITECT

52

86
Q

Enterprise Governance

“implements, configures, and maintains network devices such as router,s switches, firewalls, and gateways”

This is the definition of which Network Management role

A

NETWORK ENGINEER

52

87
Q

Enterprise Governance

“Performs routine tasks in the network, such as making configuration changes and monitoring event logs”

This is the definition of which Network Management role

A

NETWORK ADMINISTRATOR

52

88
Q

Enterprise Governance

“works with telecommunications technologies such as telecom services, data circuits, phone systems etc.”

This is the definition of which Network Management role

A

TELECOM ENGINEER

52

89
Q

Enterprise Governance

“responsible for the overall architectur of systems (usually servers) in terms of the internal architectur of a system and the relationship between systems”

This is the definition of which Systems Management role

A

SYSTEMS ARCHITECT

53

90
Q

Enterprise Governance

“responsible for designing, building, and maintaining servers and server operating systems”

This is the definition of which Systems Management role

A

SYSTEMS ENGINEER

53

91
Q

Enterprise Governance

“responsible for designing, building, and maintaining storage subsystems”

This is the definition of which Systems Management role

A

STORAGE ENGINEER

53

92
Q

Enterprise Governance

“responsible for performing maintenance and configuration opreations on systems”

This is the definition of which Systems Management role

A

SYSTEMS ADMINISTRATOR

53

93
Q

Enterprise Governance

“responsible for overall operations carried out by others”

This is the definition of which IT Operations role

A

OPERATIONS MANAGER

53

94
Q

Enterprise Governance

“responsible for developing operational procedures, examining the health of networks, systems, and databases, setting and monitoring operations schedule, and maintaining operations records”

This is the definition of which IT Operations role

A

OPERATIONS ANALYST

53

95
Q

Enterprise Governance

“monitors batch jobs, data entry work, and other tasks to make sure they are operating correctly”

This is the definition of which IT Operations role

A

CONTROLS ANALYST

53

96
Q

Enterprise Governance

“responsible for monitoring systems and networks, perfroming backup tasks, running batch kobs, printing reports, and perfroming other operational tasks”

This is the definition of which IT Operations role

A

SYSTEMS OPERATOR

53

97
Q

Enterprise Governance

“responsible for maintaining and tracking the use and whereabouts of backup volumes”

This is the definition of which IT Operations role

A

MEDIA MANAGER

53

98
Q

Enterprise Governance

“responsible for performing risk assessements and maintaining the risk register”

This is the definition of which Governance, Risk, and Compliance (GRC) role

A

RISK MANAGER

54

99
Q

Enterprise Governance

“responsible for maintaining security and privacy policy documents and related information. Works closley with the risk manager, identifying risks that may identify the need for new andupdated policy”

This is the definition of which Governance, Risk, and Compliance (GRC) role

A

POLICY MANAGER

54

100
Q

Enterprise Governance

“responsible for maintaining security controls, advising control owners on responsibilities and expectations, and assessing controls for effectiveness”

This is the definition of which Governance, Risk, and Compliance (GRC) role

A

CONTROLS MANAGER

54

101
Q

Enterprise Governance

“responsible for assessing new and existing vencors and service providers, identifying and reporting on risks, and developing mitigation strategies”

This is the definition of which Governance, Risk, and Compliance (GRC) role

A

THIRD-PARTY RISK MANGEMENT

54

102
Q

Enterprise Governance

“responsible for data classification policy and serves as a governance function to manage the organisations use of information”

This is the definition of which Governance, Risk, and Compliance (GRC) role

A

INFORMATION GOVERNANCE

54

103
Q

Enterprise Governance

“responsible for developing and delivering content of various types to enable the workforce to understand their informationsecurity and privacy responsibilities”

This is the definition of which Governance, Risk, and Compliance (GRC) role

A

SECURITY AWARENESS TRAINING

54

104
Q

Enterprise Governance

“responsible for developing and executing communications plans to keep employees, customers, regulators, and shareholders information of business emergencies and disruptive events”

This is the definition of which Business Resilience role

A

CRISIS COMMUNCIATIONS

54

105
Q

Enterprise Governance

“responsible for developing and executing plans to manage business emergencies when they occur”

This is the definition of which Business Resilience role

A

CRISIS MANAGEMENT

54

106
Q

Enterprise Governance

“responsible for conducting business impact analysis and criticality analysis and for developing and testing business continuity plans”

This is the definition of which Business Resilience role

A

BUSINESS CONTINUITY PLANNING

54

107
Q

Enterprise Governance

“responsible for developing and testing procedures that ensure information systems continued operation and recovery when disruptive events occur”

This is the definition of which Business Resilience role

A

DISASTER RECOVERY PLANNING

54

108
Q

Enterprise Governance

“responsible for designing technical security controls, systems, and solutions in contexts such as authentication, audit logging, IDS, IPS, access control, antimalware, and firewalls”

This is the definition of which Security Operations role

A

SECURITY ARCHITECT

54

109
Q

Enterprise Governance

“responsible for designing, building, and maintaining security services and systems designed by the security architect”

This is the definition of which Security Operations role

A

SECURITY ENGINEER

55

110
Q

Enterprise Governance

“responsible for examining logs from firewalls and IDS and auit logs from systems and applications”

This is the definition of which Security Operations role

A

SECURITY ANALYST

55

111
Q

Enterprise Governance

“responsible for conducting forensic investigationson information systems to identify the presence and effect of malware, misbehaviour of employees, and actions taken by intruders”

This is the definition of which Security Operations role

A

FORENSICS ANALYST

55

112
Q

Enterprise Governance

“responsible for using tools to identify vulnerabilities ininformation systems and advising system owners to develop mitigation strategies”

This is the definition of which Security Operations role

A

PENETRATION TESTER

55

113
Q

Enterprise Governance

“responsible for accepting approved requests for user access management changes”

This is the definition of which Security Operations role

A

ACCESS ADMINISTRATOR

55

114
Q

Enterprise Governance

“responsible for audit operations and scheulding and managing audtis”

This is the definition of which Security Audit role

A

SECURITY AUDIT MANAGER

55

115
Q

Enterprise Governance

“responsible for performing internal audits of IT controls to ensure that they are operated properly”

This is the definition of which Security Audit role

A

SECURITY AUDITOR

55

116
Q

Enterprise Governance

“serves as a liaison between end users and the IT service desk department”

This is the definition of which Service Desk role

A

SERVICE DESK MANAGER

55

117
Q

Enterprise Governance

“responsible for providing frontline user support services to personnel in the organisation”

This is the definition of which Service Desk role

A

SERVICE DESK ANALYST

55

118
Q

Enterprise Governance

“responsible for facilitating quality improvement activities throughout the IT organisations”

This is the definition of which Quality Assurance role

A

QA MANAGER

56

119
Q

Enterprise Governance

“responsible for providing technical support services to other IT personnel and IT customers”

This is the definition of which Service Desk role

A

TECHNICAL SUPPORT ANALYST

55

120
Q

Enterprise Governance

“responsible for testing IT systems and applications to confirm whether they are free of defects”

This is the definition of which Quality Assurance role

A

QC MANAGER

56

121
Q

Enterprise Governance

“responsible for maintaining business relationships with external vendors, measuring their performance, and handling business issues”

This is the definition of which organisational role

A

VENDOR MANAGER

56

122
Q

Enterprise Governance

“responsible for performing tasks supporting numerous functions in IT, information security, and privacy organisations”

This is the definition of which organisational role

A

BUSINESS ANALYST

56

123
Q

Enterprise Governance

*“responsible for creating project plans and managing IT and securtiy projtects”(

This is the definition of which organisational role

A

PROJECT MANAGER

56

124
Q

Enterprise Governance

“repsonsible for financial planning and budget management for IT”

This is the definition of which organisational role

A

FINANCE MANAGER

56

125
Q

Enterprise Governance

General staff have what 4 security related responsibilities as part of their employement;

[ ] Understanding and complaying with security policy
[ ] Challenging suspicous people in the business
[ ] Acceptable use of organisation assets
[ ] Proper judgement and proper responses to requests for information
[ ] Monitoring personal computer logs for suspicious activity
[ ] Reporting security-related incidents
[ ] Telling off other staff members non compliant with security policies

A

[X] Understanding and complaying with security policy
[ ] Challenging suspicous people in the business
[X] Acceptable use of organisation assets
[X] Proper judgement and proper responses to requests for information
[ ] Monitoring personal computer logs for suspicious activity
[X] Reporting security-related incidents
[ ] Telling off other staff members non compliant with security policies

56

xx. CISM - Exam Guide (1 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions