CISM Certified Information Security Manager – Question 1043

During an annual security review of an organization’s servers, it was found that the customer service team’s file server, which contains sensitive customer data, is accessible to all user IDs in the organization. Which of the following should the information security manager do FIRST?

A. Report the situation to the data owner
B. Remove access privileges to the folder containing the data
C. Isolate the server from the network
D. Train the customer service team on properly controlling file permissions

Correct Answer: A

CISM Certified Information Security Manager – Question 1041

Which of the following metrics BEST evaluates the completeness of disaster-recovery preparations?

A. Number of published application-recovery plans
B. Ratio of recovery-plan documents to total applications
C. Ratio of tested applications to total applications
D. Ratio of successful to unsuccessful tests

Correct Answer: C