- (Topic 2)
Which of the following is the MOST important consideration when defining a recovery strategy in a business continuity plan (BCP)?

1. A. Legal and regulatory requirements
2. B. Likelihood of a disaster
3. C. Organizational tolerance to service interruption
4. D. Geographical location of the backup site

Correct Answer: C
= The organizational tolerance to service interruption is the most important consideration when defining a recovery strategy in a business continuity plan (BCP), as it reflects the degree of risk that the organization is willing to accept in the event of a disaster. The organizational tolerance to service interruption determines the acceptable level of downtime, data loss, or disruption that the organization can tolerate, and thus guides the selection of recovery objectives, strategies, and resources. Legal and regulatory requirements are external factors that influence the recovery strategy, but are not the primary consideration. Likelihood of a disaster is a factor that affects the recovery strategy, but is not the most important one. Geographical location of the backup site is a factor that affects the recovery strategy, but is not as critical as organizational tolerance to service interruption. References = CISM Review Manual, 16th Edition, page 1731; CISM Review Questions, Answers & Explanations Manual, 10th Edition, page 792
Learn more: 1. isaca.org2. amazon.com3. gov.uk

- (Topic 1)
Which of the following is MOST critical when creating an incident response plan?

1. A. Identifying vulnerable data assets
2. B. Identifying what constitutes an incident
3. C. Decumenting incident notification and escalation processes
4. D. Aligning with the risk assessment process

Correct Answer: C
= Documenting incident notification and escalation processes is the most critical step when creating an incident response plan, as this ensures that the appropriate stakeholders are informed and involved in the response process. Identifying vulnerable data assets, what constitutes an incident, and aligning with the risk assessment process are important, but not as critical as documenting the communication and escalation procedures. References = CISM Review Manual 2023, page 1631; CISM Review Questions, Answers & Explanations Manual 2023, page 282

- (Topic 3)
Which of the following BEST supports effective communication during information security incidents7

1. A. Frequent incident response training sessions
2. B. Centralized control monitoring capabilities
3. C. Responsibilities defined within role descriptions
4. D. Predetermined service level agreements (SLAs)

Correct Answer: D
The best way to support effective communication during information security incidents is to have predetermined service level agreements (SLAs) because they define the expectations and responsibilities of the parties involved in the incident response process, and specify the communication channels, methods, and frequency for reporting and updating on the incident status and resolution. Frequent incident response training sessions are not very effective because they do not address the communication needs or challenges during an actual incident. Centralized control monitoring capabilities are not very effective because they do not address the communication needs or challenges during an actual incident. Responsibilities defined within role descriptions are not very effective because they do not address the communication needs or challenges during an actual incident. References: https://www.isaca.org/resources/isaca-journal/issues/2017/volume- 5/incident-response-lessons-learned https://www.isaca.org/resources/isaca- journal/issues/2018/volume-3/incident-response-lessons-learned

- (Topic 2)
Which of the following BEST demonstrates the added value of an information security program?

1. A. Security baselines
2. B. A gap analysis
3. C. A SWOT analysis
4. D. A balanced scorecard

Correct Answer: D
A balanced scorecard is a tool that can be used to demonstrate the added value of an information security program by measuring and reporting on key performance indicators (KPIs) and key risk indicators (KRIs) aligned with strategic objectives. Security baselines, a gap analysis and a SWOT analysis are all useful for assessing and improving security posture, but they do not necessarily show how security contributes to business value.

- (Topic 2)
An organization's quality process can BEST support security management by providing:

1. A. security configuration controls.
2. B. assurance that security requirements are met.
3. C. guidance for security strategy.
4. D. a repository for security systems documentation.

Correct Answer: B
= A quality process is a set of activities that ensures that the products or services delivered by an organization meet the customer’s expectations and comply with the applicable standards and regulations. A quality process can support security management by providing assurance that security requirements are met throughout the development, implementation and maintenance of information systems and processes. A quality process can also help to identify and correct security defects, measure security performance and effectiveness, and improve security practices and procedures. References = CISM Review Manual, 15th Edition, page 671; CISM Review Questions, Answers & Explanations Database, question ID 2092.
An organization's quality process can BEST support security management by providing assurance that security requirements are met. This means that the quality process can be used to ensure that security controls are being implemented as intended and that they are achieving the desired results. This helps to ensure that the organization is properly protected and that it is in compliance with security regulations and standards.