Isaca Updated CISM Exam Questions and Answers by lowen

The Recovery Time Objective (RTO) specifies the maximum acceptable downtime before operations must resume. A 30-minute requirement directly defines the RTO for those systems.

“RTO defines the duration within which systems must be restored following an outage to prevent unacceptable business impact.”

— CISM Review Manual 15th Edition, Chapter 3: Business Continuity Planning, Section: Continuity Metrics*

Comprehensive and Detailed Step-by-Step Explanation:

Security Information and Event Management (SIEM) systems are designed to collect, analyze, and correlate data from multiple sources, making them the BEST choice for identifying and correlating intrusion attempt alerts.

A. Threat analytics software: While this can provide insights, it is not specialized for real-time correlation and alerting across various platforms.

B. Host intrusion detection system (HIDS): HIDS monitors individual hosts and detects intrusions, but it does not correlate alerts from multiple sources.

C. SIEM: This is the BEST answer because SIEM integrates logs from diverse systems, applies correlation rules, and provides actionable insights into intrusion attempts.

D. Network intrusion detection system (NIDS): While NIDS detects network-level anomalies, it does not correlate alerts from other systems.

The primary focus of a status report on the information security program to senior management is to demonstrate that the risk to the organization’s information assets is managed at the desired level, in alignment with the business objectives and risk appetite. This can be achieved by providing relevant and meaningful metrics, indicators, and trends that show the performance, effectiveness, and value of the information security program, as well as the current and emerging risks and the corresponding mitigation strategies. (From CISM Review Manual 15th Edition)

According to the CISM Review Manual, 15th Edition1, the information security manager is responsible for ensuring that the information security program supports the organization’s objectives and aligns with applicable laws and regulations. The information security manager is also responsible for overseeing the implementation and maintenance of effective IT controls, as well as monitoring and reporting on their performance.

References = 1: CISM Review Manual, 15th Edition, ISACA, 2016, Chapter 1, page 10.