CISSP PRACTICE QUESTIONS – 20201218

Effective CISSP Questions

As a CISO, which of the following is your most significant responsibility?
A. Classify information assets
B. Position and integrate security function
C. Conduct security audits to ensure compliance
D. Conduct business impact analysis to determine maximum tolerable downtime

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Position and integrate security function.

  • The CISO should position the security function properly, e.g., the reporting line and roles & responsibilities, and integrate security into business functions and processes.
  • Data owners classify information assets.
  • Auditors conduct security audits to ensure compliance.
  • Business people are the best candidates to conduct business impact analysis and determine maximum tolerable downtime because they know the business the most.

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

As a Chief Information Security Officer, which of the following is your most significant responsibility?
A. Classify information assets
B. Position and integrate the security function
C. Conduct security audits to ensure compliance
D. Conduct business impact analysis (BIA) to determine maximum tolerable downtime (MTD)
