Which of the following roles would represent a conflict of interest for an information security manager?
Correct Answer: C
Section: INFORMATION SECURITY GOVERNANCE
Explanation: Since management is ultimately responsible for information security, it should approve information security policy statements; the information security manager should not have final approval. Evaluation of third parties requesting access, assessment of disaster recovery plans and monitoring of compliance with physical security controls are acceptable practices and do not present any conflicts of interest.
Question 347
The MAIN benefit of implementing a data loss prevention (DLP) solution is to:
Correct Answer: C
A data loss prevention (DLP) solution is a type of detective control that monitors and prevents unauthorized transmission or leakage of sensitive data from the organization. A DLP solution can enhance the organization's antivirus controls by detecting and blocking malicious code that attempts to exfiltrate data, but this is not its main benefit. A DLP solution cannot eliminate the risk of data loss, as there may be other sources of data loss that are not covered by the DLP solution, such as physical theft, accidental deletion, or natural disasters. A DLP solution also does not reduce the need for a security awareness program, as human factors are often the root cause of data loss incidents. A security awareness program can educate and motivate employees to follow security policies and best practices, and to report any suspicious or anomalous activities.
References: ISACA, CISM Review Manual, 16th Edition, 2020, page 79; ISACA, CISM Review Questions, Answers & Explanations Database, 12th Edition, 2020, question ID 1003.
Question 348
Which of the following is the MOST important detail to capture in an organization's risk register?
Correct Answer: A
Question 349
Which of the following BEST facilitates the development of a comprehensive information security policy?
Correct Answer: C
Question 350
A post-incident review identified that user error resulted in a major breach. Which of the following is MOST important to determine during the review?
Correct Answer: C
The underlying reason for the user error is the most important factor to determine during the post-incident review, as this helps the information security manager to understand the root cause of the breach, and to implement corrective and preventive actions to avoid similar incidents in the future. The underlying reason for the user error may be related to the lack of training, awareness, guidance, or motivation of the user, or to the complexity, usability, or design of the system or process that the user was using. By identifying the underlying reason for the user error, the information security manager can address the human factor of the information security program, and improve the security culture and behavior of the organization. The time and location that the breach occurred, evidence of previous incidents caused by the user, and appropriate disciplinary procedures for user error are not the most important factors to determine during the post-incident review, as they do not provide a comprehensive and holistic understanding of the breach, and may not help to prevent or reduce the likelihood or impact of future incidents.
References: CISM Review Manual 2023, page 1671; CISM Review Questions, Answers & Explanations Manual 2023, page 382; ISACA CISM - iSecPrep, page 233.