Recreated_Enterprise_Governance_Questions Flashcards

1
Q
  What is the primary purpose of information security governance in an organization?
    A. To ensure compliance with IT frameworks
    B. To align security efforts with business goals
    C. To reduce employee errors
    D. To implement technical controls
A

B. To align security efforts with business goals

Excerpt: ‘The purpose of security governance is to align the organization’s security program with the needs of the business.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

2
Q
  Which of the following is a key outcome of information security governance?
    A. Increasing reliance on external consultants
    B. Aligning information security with enterprise strategy
    C. Reducing operational costs of IT departments
    D. Enhancing software development speed
A

B. Aligning information security with enterprise strategy

Excerpt: ‘Strategic alignment is achieved by aligning information security with business strategy to support organizational objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

3
Q
  What is the role of the Chief Information Security Officer (CISO) in governance?
    A. Develop business-aligned security strategies
    B. Oversee marketing strategies
    C. Review financial auditing practices
    D. Manage human resource operations
A

A. Develop business-aligned security strategies

Excerpt: ‘The CISO is responsible for developing business-aligned security strategies that support current and future business initiatives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

4
Q
  What is a major benefit of integrating information security governance into corporate governance?
    A. Reduced dependence on legal advice
    B. Improved visibility of security in organizational decisions
    C. Increased project timelines
    D. Simplified vendor management
A

B. Improved visibility of security in organizational decisions

Excerpt: ‘Integrating information security governance into corporate governance ensures security is considered in key business decisions.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

5
Q
  Which governance activity is primarily focused on identifying and reducing risks?
    A. Business continuity planning
    B. Risk management
    C. Incident response
    D. Regulatory compliance
A

B. Risk management

Excerpt: ‘Risk management involves identifying risks in information systems and processes to reduce potential impacts.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

6
Q
  What is the primary function of a security steering committee?
    A. To develop new IT frameworks
    B. To ensure alignment of security initiatives with business priorities
    C. To manage employee satisfaction surveys
    D. To lead sales and marketing campaigns
A

B. To ensure alignment of security initiatives with business priorities

Excerpt: ‘The primary mission of a security steering committee is to align security efforts with business priorities.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

7
Q
  What is the primary consideration when defining acceptable use policies (AUP)?
    A. Compliance with marketing guidelines
    B. Alignment with organizational goals
    C. Employee preferences
    D. Reducing IT workload
A

B. Alignment with organizational goals

Excerpt: ‘An acceptable use policy (AUP) should align with the organization’s overall goals and objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

8
Q
  Which of the following describes the term ‘risk appetite’?
    A. The level of risk an organization is willing to accept
    B. The organization’s reaction to regulatory changes
    C. The legal penalties for non-compliance
    D. The willingness of employees to follow rules
A

A. The level of risk an organization is willing to accept

Excerpt: ‘Risk appetite is defined as the level of risk an organization is willing to accept while pursuing its objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

9
Q
  What is the primary goal of strategic alignment in information security governance?
    A. To implement the latest security tools
    B. To align security initiatives with business objectives
    C. To minimize IT costs
    D. To maximize regulatory compliance
A

B. To align security initiatives with business objectives

Excerpt: ‘Strategic alignment involves aligning information security with business strategy to support organizational objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

10
Q
  Which component is essential for effective risk management in governance?
    A. Understanding risk exposure
    B. Reducing operational overhead
    C. Avoiding all potential risks
    D. Increasing organizational transparency
A

A. Understanding risk exposure

Excerpt: ‘Risk management requires understanding the risk exposure and potential consequences of compromise.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

11
Q
  What is the benefit of integrating assurance processes into information security governance?
    A. Reducing the need for external audits
    B. Ensuring processes operate as intended
    C. Simplifying IT management tasks
    D. Eliminating regulatory requirements
A

B. Ensuring processes operate as intended

Excerpt: ‘Assurance process integration ensures that processes operate as intended from end to end.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

12
Q
  What is a key outcome of performance measurement in governance?
    A. Improved financial performance
    B. Identification of shortcomings in processes
    C. Elimination of all risks
    D. Reduced need for strategic alignment
A

B. Identification of shortcomings in processes

Excerpt: ‘Performance measurement helps identify shortcomings and provides feedback on progress made toward resolving issues.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

13
Q
  Why is resource optimization important in information security governance?
    A. To reduce the workforce size
    B. To ensure efficient use of security infrastructure
    C. To eliminate the need for policies
    D. To minimize compliance costs
A

B. To ensure efficient use of security infrastructure

Excerpt: ‘Resource optimization involves using information security knowledge and infrastructure efficiently and effectively.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

14
Q
  What is a primary responsibility of the board of directors in information security governance?
    A. To select IT systems for the organization
    B. To oversee corporate governance activities
    C. To implement technical controls
    D. To draft acceptable use policies
A

B. To oversee corporate governance activities

Excerpt: ‘The board of directors is accountable for ensuring corporate governance includes considerations for information security.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

15
Q
  What is the main role of organizational culture in information security governance?
    A. To dictate employee dress codes
    B. To influence how employees manage information security
    C. To define regulatory requirements
    D. To enforce technical security measures
A

B. To influence how employees manage information security

Excerpt: ‘Organizational culture affects how personnel work, think, and relate to one another, impacting information security.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

16
Q
  Why is business alignment critical in information security governance?
    A. To reduce the number of policies
    B. To ensure security measures support organizational goals
    C. To streamline IT operations
    D. To minimize security awareness training
A

B. To ensure security measures support organizational goals

Excerpt: ‘Business alignment ensures the security program supports the organization’s mission and objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

17
Q
  Which of the following best describes a RACI chart?
    A. A tool for managing financial audits
    B. A chart that defines roles and responsibilities
    C. A compliance checklist
    D. A list of technical controls
A

B. A chart that defines roles and responsibilities

Excerpt: ‘A RACI chart assigns levels of responsibility to individuals and groups for various business activities.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

18
Q
  What is the primary consideration in developing an acceptable use policy (AUP)?
    A. Protecting employee rights
    B. Ensuring alignment with organizational security objectives
    C. Avoiding legal requirements
    D. Simplifying IT management tasks
A

B. Ensuring alignment with organizational security objectives

Excerpt: ‘An acceptable use policy should define permitted activities aligned with organizational security objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance

19
Q

“Vision flows downward in an organization….”

Name all 9 levels of the business strategy pyramid in descending order, from the highest level to the most operational.

A

Business Vision
Business Strategy
Business Objectives
IT Strategy
IT Security Strategy
Security Policy
Security Standards
Security Processes
Security Metrics