The BEST way to ensure that information security policies are followed is to:
Correct Answer: B
Section: INFORMATION SECURITY PROGRAM MANAGEMENT
Explanation: The best way to ensure that information security policies are followed is to periodically review levels of compliance. Distributing printed copies, advertising an abuse hotline or linking policies to an international standard will not motivate individuals as much as the consequences of being found in noncompliance. Escalating penalties will first require a compliance review.
Question 657
What should be the PRIMARY basis for prioritizing incident containment?
Correct Answer: D
Question 658
How would an information security manager balance the potentially conflicting requirements of an international organization's security standards and local regulation?
Correct Answer: D
Section: INFORMATION SECURITY GOVERNANCE
Explanation: Adherence to local regulations must always be the priority. Not following local regulations can prove detrimental to the group organization. Following local regulations only is incorrect since there needs to be some recognition of organization requirements. Making an organization aware of standards is a sensible step, but is not a total solution. Negotiating a local version of the organization standards is the most effective compromise in this situation.
Question 659
Which of the following BEST enables staff acceptance of information security policies?
Correct Answer: A
Explanation: Strong senior management support is the best factor to enable staff acceptance of information security policies, as it demonstrates the commitment and leadership of the organization's top executives in promoting and enforcing a security culture. Senior management support also helps ensure that the information security policies are aligned with the business goals and values, communicated effectively to all levels of the organization, and integrated into the performance evaluation and reward systems. It further helps overcome any resistance or challenges from other stakeholders, such as business units, customers, or regulators [1][2][3].
References:
1: CISM Review Manual 15th Edition, page 26-274
2: CISM Practice Quiz, question 1102
3: Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition, page 5-6
Question 660
Which of the following is MOST important to the success of an information security program?
Correct Answer: C
Explanation: Sufficient senior management support is the most important factor for the success of an information security program. Security awareness training, although important, is secondary. Achievable goals and objectives as well as having adequate budgeting and staffing are important factors, but they will not ensure success if senior management support is not present.