An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:
A.
a classification policy has been developed to incorporate the need for encryption
B.
the business strategy includes exceptions to the encryption standard
C.
data can be recovered if the encryption keys are misplaced
D.
the implementation supports the business strategy
Well, on a more technical exam like CASP+ that might be the right answer. Here, you have to consider the bigger picture (business) first. So I guess ISACA answer would be D.
ISACA CISM test will lean more towards the business even though classification might be the answer for this one I think business strategy alignment is more accurate as per the book.
The correct answer is A. a classification policy has been developed to incorporate the need for encryption. A classification policy identifies the different types of information that are used within an organization, specifies the appropriate controls to protect each type of information, and defines the handling and storage procedures. Encryption is typically applied to protect sensitive information. Without a classification policy, it can be challenging to identify which information requires encryption and which does not, leading to the improper application of encryption or the underprotection of sensitive information. Therefore, a classification policy is the most important consideration when considering the deployment of encryption software and systems organization-wide.
The most important thing for an information security manager is to keep the business in mind and align the security strategy to the business. With this in mind, the best choice is (D)
A. a classification policy doesn't necessarily ensure that it aligns with business strategy
B. exempting encryption from the business strategy does little to align it
C. This may be a great idea, but again doesn't align to the business strategy.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
yottabyte
10 months, 2 weeks agoAgamennore
1 year, 5 months agosphenixfire
1 year, 6 months agoAlexJacobson
1 year agokaranvp
1 year, 7 months agochanke
1 year, 7 months agorichck102
1 year, 7 months agoAbhey
1 year, 9 months agodark_3k03r
1 year, 9 months agodedfef
1 year, 10 months agoAlexJacobson
1 year agokortcl
1 year, 11 months agoMyKasala
2 years agoAlexJacobson
1 year ago