- (Topic 3)
Which of the following is the BEST way to enhance training for incident response teams?

1. A. Perform post-incident reviews.
2. B. Establish incident key performance indicators (KPIs).
3. C. Conduct interviews with organizational units.
4. D. Participate in emergency response activities.

Correct Answer: A
Performing post-incident reviews is the best way to enhance training for incident response teams because it allows them to identify the strengths and weaknesses of their response, learn from the lessons and best practices, and implement corrective actions and improvement plans for future incidents. Post-incident reviews also help to evaluate the effectiveness and efficiency of the incident response process and procedures, and to update them as needed.
References: The CISM Review Manual 2023 states that “post-incident reviews are an essential part of the incident response process” and that “they provide an opportunity to assess the performance of the incident response team, identify areas for improvement, and document lessons learned and best practices” (p. 191). The CISM Review Questions, Answers & Explanations Manual 2023 also provides the following rationale for this Answer “Performing post-incident reviews is the best way to enhance training for incident response teams, as it enables them to learn from their experience and improve their skills and knowledge” (p. 97).

- (Topic 3)
When drafting the corporate privacy statement for a public website, which of the following MUST be included?

1. A. Limited liability clause
2. B. Explanation of information usage
3. C. Information encryption requirements
4. D. Access control requirements

Correct Answer: B
A privacy statement should inform the users of the website how their personal information will be collected, used, shared, and protected by the organization. References = CISM Review Manual, 16th Edition, Chapter 4, Section 4.2.1.11

- (Topic 3)
A KEY consideration in the use of quantitative risk analysis is that it:

1. A. aligns with best practice for risk analysis of information assets.
2. B. assigns numeric values to exposures of information assets.
3. C. applies commonly used labels to information assets.
4. D. is based on criticality analysis of information assets.

Correct Answer: B
A key consideration in the use of quantitative risk analysis is that it assigns numeric values to exposures of information assets, such as the probability of occurrence, the frequency of occurrence, the impact of occurrence, and the monetary value of the assets. These numeric values help to measure and compare the risks in a more objective and consistent way, and to support the decision-making process based on cost-benefit analysis. Quantitative risk analysis also requires reliable and accurate data sources, and it may involve the use of statistical tools and techniques.
References = CISM Review Manual, 16th Edition eBook1, Chapter 2: Information Risk Management, Section: Risk Analysis, Subsection: Quantitative Risk Analysis, Page 84.

- (Topic 2)
When collecting admissible evidence, which of the following is the MOST important requirement?

1. A. Need to know
2. B. Preserving audit logs
3. C. Due diligence
4. D. Chain of custody

Correct Answer: D
Chain of custody is the MOST important requirement when collecting admissible evidence, because it ensures the integrity and authenticity of the evidence by documenting its history, handling, and storage. Chain of custody records who, what, when, where, why, and how the evidence was collected, analyzed, and preserved. Without a proper chain of custody, the evidence may be challenged or rejected in a court of law. Need to know, preserving audit logs, and due diligence are important aspects of evidence collection, but they are not as critical as chain of custody. References = CISM Review Manual, 16th Edition, page 3031; CISM Review Questions, Answers & Explanations Manual, 10th Edition, page 1492The most important requirement when collecting admissible evidence is the chain of custody. The chain of custody is a documented record of who had control of the evidence at any given time, from the point of collection until the evidence is presented in court. This is important in order to ensure the evidence can be authenticated and is not subject to tampering or any other form of interference. Other important considerations include need to know, preserving audit logs, and due diligence.

- (Topic 2)
Of the following, whose input is of GREATEST importance in the development of an information security strategy?

1. A. Process owners
2. B. End users
3. C. Security architects.
4. D. Corporate auditors

Correct Answer: A
Process owners are the people who are responsible for the design, execution, and improvement of the business processes that support the organization’s objectives and operations. Process owners have the greatest importance in the development of an information security strategy, as they provide the input and feedback on the business requirements, expectations, and priorities that the information security strategy should address and support. Process owners also help to identify and assess the risks and impacts that the business processes face, and to define and implement the security controls and measures that can mitigate or reduce them. Process owners also facilitate the alignment and integration of the information security strategy with the business strategy, as well as the communication and collaboration among the various stakeholders and functions involved in the information security program. End users, security architects, and corporate auditors are all important stakeholders in the information security program, but they do not have the greatest importance in the development of an information security strategy. End users are the people who use the information systems and services that the information security program protects and enables. End users provide the input and feedback on the usability, functionality, and performance of the information systems and services, as well as the security awareness and behavior that they exhibit. Security architects are the people who design and implement the security architecture that supports the information security strategy. Security architects provide the input and feedback on the technical requirements, capabilities, and solutions that the information security strategy should leverage and optimize. Corporate auditors are the people who evaluate and verify the compliance and effectiveness of the information security program. Corporate auditors provide the input and feedback on the standards, regulations, and best practices that the information security strategy should follow and adhere to. Therefore, process owners have the greatest importance in the development of an information security strategy, as they provide the input and feedback on the business requirements, expectations, and priorities that the information security strategy should address and support. References = CISM Review Manual 2023, page 31 1; CISM Practice Quiz 2