Resolved Questions
Answer
Hi, this issue is now fixed. Initially, users had to manually reset their scores to re-attempt. Now, this happens automatically. Hope this helps!
Answer
Hi, you are right. Thanks for pointing out this issue. The correct answer for question 6 is option B. We'll consider incorporating this fix in a future update to the PDF and print versions of the book. Apologies for the inconvenience and thank you so much for picking this up!
Answer
The question asks about an "area of most concern" or what could be called a "red flag" that the security manager should take note of. Security projects reviewed and approved by the data center manager is a significant area of concern because the data center manager cannot ensure the alignment of security projects with the overall enterprise objectives, thereby causing an adverse impact on security governance. That's why the answer to this question given in the book is D, "security projects are reviewed by the data center manager." Option B would be incorrect because an information security policy approved by senior management is not an area of concern. This applies to the other options as well.
Answer
You are correct. Thanks a lot for pointing this out! It was incorrectly marked due to an error during upload. We've fixed the question now. The correct answer will be B.
Answer
The first option should ideally be consulting legal counsel to understand the applicability of the regulation to your organization.
Answer
The correct answer should be KPI. Let us understand KPI and KRI:

KPI is a measurable value that helps organizations track progress towards achieving their goals and objectives. KPIs are typically used to evaluate the performance of individuals, teams, departments, or the entire organization. They are often associated with specific targets or benchmarks and provide a clear indication of whether desired outcomes are being met.

Here's an example to illustrate KPI: Imagine you're managing an e-commerce website, and one of your main goals is to increase online sales. A relevant KPI for this goal could be the conversion rate, which measures the percentage of website visitors who make a purchase. You can set a target conversion rate, say 5%, and regularly monitor the KPI to assess whether you're meeting that target. If the conversion rate falls below the desired level, you can take corrective actions to improve it.

On the other hand, KRI stands for Key Risk Indicator. It is a metric used to identify and monitor potential risks or threats to an organization. KRIs help management and stakeholders stay informed about the level of risk exposure and enable proactive risk management. Unlike KPIs, which focus on measuring performance, KRIs concentrate on measuring potential risks or vulnerabilities.

Let's consider an example of a KRI: Suppose you're responsible for cybersecurity in a company. One of the key risks you want to monitor is the number of unauthorized login attempts on your network. You establish a KRI that tracks the frequency of such attempts. If you notice a sudden increase in unauthorized login attempts, it could indicate a potential security breach or hacking attempt. By monitoring this KRI, you can take immediate action to strengthen your security measures and prevent any potential threats.

In summary, KPIs are used to measure performance and progress towards achieving goals, while KRIs are used to monitor and manage potential risks or vulnerabilities to an organization. Both KPIs and KRIs are valuable tools that provide insights and help guide decision-making processes.
Answer
For the CISM exam, both terms are used interchangeably.