Through several years of research and analysis of IT certification exam materials, our company has gradually become a leader in this industry. The question banks developed by our team are very comprehensive and effectively help candidates pass the ISACA CISM (Japanese-language) exam. As is well known, holding the ISACA CISM (Japanese-language) certification makes advancement in the IT industry easier.
Exam subject: "Certified Information Security Manager"
NO.1 The cost of implementing a security control should not exceed the:
A. cost of an incident.
B. annualized loss expectancy.
C. asset value.
D. implementation opportunity costs.
The cost of implementing security controls should not exceed the worth of the asset. Annualized loss expectancy represents the losses that are expected to happen during a single calendar year. A security mechanism may cost more than this amount (or the cost of a single incident) and still be considered cost effective. Opportunity costs relate to revenue lost by forgoing the acquisition of an item or the making of a business decision.
NO.2 Which of the following is MOST appropriate for inclusion in an information security strategy?
A. Business controls designated as key controls
B. Security processes, methods, tools and techniques
C. Budget estimates to acquire specific security tools
D. Firewall rule sets, network defaults and intrusion detection system (IDS) settings
A set of security objectives, processes, methods, tools and techniques together constitute a security
strategy. Although IT and business governance are intertwined, business controls may not be
included in a security strategy. Budgets will generally not be included in an information security
strategy. Additionally, until information security strategy is formulated and implemented, specific
tools will not be identified and specific cost estimates will not be available. Firewall rule sets,
network defaults and intrusion detection system (IDS) settings are technical details subject to
periodic change, and are not appropriate content for a strategy document.
NO.3 When a security standard conflicts with a business objective, the situation should be resolved by:
A. performing a risk analysis.
B. authorizing a risk acceptance.
C. changing the security standard.
D. changing the business objective.
Conflicts of this type should be based on a risk analysis of the costs and benefits of allowing or disallowing an exception to the standard. It is highly improbable that a business objective could be changed to accommodate a security standard, while risk acceptance is a process that derives from the risk analysis.
NO.4 Successful implementation of information security governance will FIRST require:
A. updated security policies.
B. a computer incident management team.
C. a security architecture.
D. security awareness training.
Updated security policies are required to align management objectives with security procedures;
management objectives translate into policy, policy translates into procedures. Security procedures
will necessitate specialized teams such as the computer incident response and management group
as well as specialized tools such as the security mechanisms that comprise the security architecture.
Security awareness will promote the policies, procedures and appropriate use of the security
JapanCert provides the latest MB2-713 question bank and high-quality CWAP-402 questions and answers. JapanCert's HPE0-S46 VCE test engine and 70-698 exam guide can help you pass the exam on the first attempt. The high-quality MA0-103 PDF training materials guarantee 100% that you will pass the exam more quickly and easily. Passing the exam and earning the certification is that simple.