Find Resources and Connect with members on topics that interest you.

AI - Acquire and Implement

PO - Plan and Organize

DS - Deliver and Support

Please sign in to see your topics.

Subscribe to this discussion

Question of the day - 6 April

CISM Candidates - test your knowledge and exam preparedness with this practice question.

Which of the following is MOST important in the development of information security policies?

A. Adopting an established framework

B. Using modular design for easier maintenance

C. Using prevailing industry standards

D. Gathering stakeholder requirements

You must sign in to rate content.
(Unrated)

Comments

RE: Question of the day - 6 April

Most important to me is to elicit all requirements from the relevant stakeholders as a first step. THat's why I am choosing D.
VENCISLAV871Energizer at 4/6/2017 7:09:50 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

I will pick D too. 
Omar795Energizer at 4/6/2017 9:17:24 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

D. Gathering stakeholder requirements
RAMADJI757Social at 4/6/2017 9:40:54 PM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

it is all about security having a mission to support the business (stakeholders) objectives and so D is the obvious and only choice that would align with this.
Bart205Social at 4/7/2017 4:36:57 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

D. Gathering stakeholder requirements
Ericka571Lively at 4/7/2017 7:55:43 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

Thank you to everyone who shared their answers and thoughts on this question. The answer is D and the official explanations are . . .

A. A framework does not provide the necessary detail without including the business objectives.

B. While using a modular design should be a key consideration, it is not as important as considering stakeholder input. Stakeholder input not only enhances document completeness, it also facilitates stakeholder buy-in.

C. Prevailing industry standards are important, but may not be appropriate or suitable to address unique issues in an organization.

D. An information security policy must be holistic. It is not just a technical document requiring input mainly from information security professionals. Business and other units need to contribute to its development and maintenance.

My personal opinion - This is one of those questions where most if not all of the possible answers are "right" and it requires careful consideration to pick out the one that is MOST important. Hence in the exam it is vital a candidate takes the time to read all of the possible answers carefully before choosing.

Peter O'TooleInfluential at 4/10/2017 5:47:08 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

Thank you to everyone who shared their answers and thoughts on this question. The answer is D and the official explanations are . . .

A. A framework does not provide the necessary detail without including the business objectives.

B. While using a modular design should be a key consideration, it is not as important as considering stakeholder input. Stakeholder input not only enhances document completeness, it also facilitates stakeholder buy-in.

C. Prevailing industry standards are important, but may not be appropriate or suitable to address unique issues in an organization.

D. An information security policy must be holistic. It is not just a technical document requiring input mainly from information security professionals. Business and other units need to contribute to its development and maintenance.

My personal opinion - This is one of those questions where most if not all of the possible answers are "right" and it requires careful consideration to pick out the one that is MOST important. Hence in the exam it is vital a candidate takes the time to read all of the possible answers carefully before choosing.

Peter O'TooleInfluential at 4/10/2017 5:47:08 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

D. Gathering stakeholder requirements
Ericka571Lively at 4/7/2017 7:55:43 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

it is all about security having a mission to support the business (stakeholders) objectives and so D is the obvious and only choice that would align with this.
Bart205Social at 4/7/2017 4:36:57 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

D. Gathering stakeholder requirements
RAMADJI757Social at 4/6/2017 9:40:54 PM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

I will pick D too. 
Omar795Energizer at 4/6/2017 9:17:24 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

Most important to me is to elicit all requirements from the relevant stakeholders as a first step. THat's why I am choosing D.
VENCISLAV871Energizer at 4/6/2017 7:09:50 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

Most important to me is to elicit all requirements from the relevant stakeholders as a first step. THat's why I am choosing D.
VENCISLAV871Energizer at 4/6/2017 7:09:50 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

I will pick D too. 
Omar795Energizer at 4/6/2017 9:17:24 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

D. Gathering stakeholder requirements
RAMADJI757Social at 4/6/2017 9:40:54 PM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

it is all about security having a mission to support the business (stakeholders) objectives and so D is the obvious and only choice that would align with this.
Bart205Social at 4/7/2017 4:36:57 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

D. Gathering stakeholder requirements
Ericka571Lively at 4/7/2017 7:55:43 AM Quote
You must sign in to rate content.
(Unrated)

RE: Question of the day - 6 April

Thank you to everyone who shared their answers and thoughts on this question. The answer is D and the official explanations are . . .

A. A framework does not provide the necessary detail without including the business objectives.

B. While using a modular design should be a key consideration, it is not as important as considering stakeholder input. Stakeholder input not only enhances document completeness, it also facilitates stakeholder buy-in.

C. Prevailing industry standards are important, but may not be appropriate or suitable to address unique issues in an organization.

D. An information security policy must be holistic. It is not just a technical document requiring input mainly from information security professionals. Business and other units need to contribute to its development and maintenance.

My personal opinion - This is one of those questions where most if not all of the possible answers are "right" and it requires careful consideration to pick out the one that is MOST important. Hence in the exam it is vital a candidate takes the time to read all of the possible answers carefully before choosing.

Peter O'TooleInfluential at 4/10/2017 5:47:08 AM Quote
You must sign in to rate content.
(Unrated)

Leave a Comment

* required

You must login to leave a comment.