Welcome to Pass4Success


Isaca Exam CISM Topic 7 Question 91 Discussion

Actual exam question for Isaca's CISM exam
Question #: 91
Topic #: 7

Which of the following is the BEST indication of an effective information security program?

Suggested Answer: A

Comprehensive and Detailed Step-by-Step Explanation:

An effective information security program aims to manage risks to acceptable levels while supporting business objectives.

A. Risk is treated to an acceptable level: This is the BEST answer as it directly reflects the program's success in mitigating risks within the organization's tolerance levels.

B. The number of security incidents reported by staff has increased: An increase in reported incidents might indicate improved awareness but does not necessarily reflect overall effectiveness.

C. Key risk indicators (KRIs) are established: KRIs are important for monitoring risks but do not indicate whether risks are being effectively managed.

D. Policies are reviewed and approved by senior management: While essential, this action alone does not demonstrate the program's effectiveness.


Contribute your Thoughts:

Sherita
4 months ago
Wow, these choices are quite the security buffet. I'll take one of each, please!
upvoted 0 times
...
Jina
4 months ago
Hmm, I'm not sure. Shouldn't the number of incidents be going down if the program is effective? B seems counterintuitive to me.
upvoted 0 times
...
Avery
4 months ago
I'm going with D. If senior management is approving the policies, that's a good sign the program is on the right track.
upvoted 0 times
Dorian
3 months ago
I agree, having senior management involved is crucial for a strong information security program.
upvoted 0 times
...
Alesia
3 months ago
D) Policies are reviewed and approved by senior management.
upvoted 0 times
...
Wenona
3 months ago
C) Key risk indicators (KRIs) are established.
upvoted 0 times
...
Jeannetta
4 months ago
A) Risk is treated to an acceptable level.
upvoted 0 times
...
...
Kiley
4 months ago
I disagree, I think C is the correct answer. Key risk indicators are crucial for measuring the program's effectiveness.
upvoted 0 times
Edelmira
4 months ago
C) Key risk indicators (KRIs) are established.
upvoted 0 times
...
Julene
4 months ago
A) Risk is treated to an acceptable level.
upvoted 0 times
...
...
Cassi
5 months ago
I believe C) Key risk indicators (KRIs) are established is also important. It helps in monitoring and measuring risks.
upvoted 0 times
...
Shayne
5 months ago
The best indication of an effective information security program is definitely A. Risk being treated to an acceptable level. That's the whole point, isn't it?
upvoted 0 times
Fannie
4 months ago
C) Key risk indicators (KRIs) are established.
upvoted 0 times
...
Barrett
4 months ago
A) Risk is treated to an acceptable level.
upvoted 0 times
...
...
Rodolfo
5 months ago
I agree with Raina. If risks are managed well, then the information security program is effective.
upvoted 0 times
...
Raina
5 months ago
I think the best indication is A) Risk is treated to an acceptable level.
upvoted 0 times
...
