Exam CISM topic 1 question 230 discussion

Actual exam question from Isaca's CISM
Question #: 230
Topic #: 1

A new information security manager finds that the organization tends to use short-term solutions to address problems. Resource allocation and spending are not effectively tracked, and there is no assurance that compliance requirements are being met. What should be done FIRST to reverse this bottom-up approach to security?

  • A. Implement an information security awareness training program.
  • B. Conduct a threat analysis.
  • C. Establish an audit committee.
  • D. Create an information security steering committee.
Suggested Answer: D

Comments

VijaySharma
8 months ago
I am confused, as the question says bottom-up, for which security awareness is the starting point, while the correct answer says creating a steering committee.
upvoted 2 times
oluchecpoint
10 months, 1 week ago
Selected Answer: D
D. Create an information security steering committee. Creating an information security steering committee is crucial because it will establish a structured and top-down approach to information security within the organization. This committee typically includes key stakeholders from various departments and levels of the organization, including senior management. Their primary responsibility is to provide governance, oversight, and strategic direction for information security.
upvoted 2 times
ats20
10 months, 2 weeks ago
Selected Answer: D
Establishing an information security steering committee is essential for bringing a strategic and top-down approach to information security.
upvoted 1 times
oluchecpoint
1 year, 2 months ago
D. Create an information security steering committee. Creating an information security steering committee is crucial because it will establish a structured and top-down approach to information security within the organization. This committee typically includes key stakeholders from various departments and levels of the organization, including senior management. Their primary responsibility is to provide governance, oversight, and strategic direction for information security.
upvoted 1 times
drewl25
1 year, 4 months ago
Selected Answer: C
C. Establish an Audit Committee: Establishing an audit committee helps ensure that governance, risk management, and compliance are appropriately addressed at the organizational level. The audit committee typically includes senior management and key stakeholders from different business units, IT, and other relevant departments. It plays a crucial role in overseeing and providing guidance on the organization's information security initiatives, resource allocation, and compliance. By having an audit committee in place, the organization can move towards a more structured and formalized approach to information security, with better tracking of resource allocation, spending, and compliance efforts. The committee can provide a centralized mechanism for monitoring the organization's security posture and risk management practices.
upvoted 1 times
Jae_kes
1 year, 5 months ago
Selected Answer: D
D. Create an information security steering committee.
upvoted 3 times
richck102
1 year, 6 months ago
Selected Answer: A
A. Implement an information security awareness training program.
upvoted 1 times
Community vote distribution: A (35%), C (25%), B (20%), Other