Isaca Updated CISM Exam Questions and Answers by georgi

Updating details within the risk register is the next step for the information security manager to do after senior management has accepted the risk of noncompliance with a new regulation because it records and communicates the risk status, impact, and response strategy to the relevant stakeholders. Reporting the decision to the compliance officer is not the next step, but rather a possible subsequent step that involves informing and consulting with the compliance officer about the risk acceptance and its implications. Reassessing the organization’s risk tolerance is not the next step, but rather a possible subsequent step that involves reviewing and adjusting the organization’s risk appetite and thresholds based on the risk acceptance and its implications. Assessing the impact of the regulation is not the next step, but rather a previous step that involves analyzing and evaluating the potential consequences and likelihood of noncompliance with the regulation. References: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/how-to-measure-the-effectiveness-of-information-security-using-iso-27004 https://www.isaca.org/resources/isaca-journal/issues/2017/volume-3/how-to-measure-the-effectiven ess-of-your-information-security-management-system

A hot site is the most reliable type of recovery site and can support stringent recovery requirements because it is a fully operational facility that mirrors the primary production center. A hot site has all the hardware, software, data, network, and personnel ready to resume the critical business functions within minutes of a disruptive event. A hot site also has backup power, security, and communication systems to ensure the continuity of operations.

References: The CISM Review Manual 2023 defines a hot site as “a fully operational facility that mirrors the primary production center” and states that “a hot site can support stringent recovery requirements and provide the shortest recovery time” (p. 190). The CISM Review Questions, Answers & Explanations Manual 2023 also provides the following rationale for this answer: “A hot site is the correct answer because it is the most reliable type of recovery site and can support stringent recovery requirements, as it is a fully operational facility that mirrors the primary production center and can resume the critical business functions within minutes of a disruptive event” (p. 96). Additionally, the web search result 1 states that “the recovery site can be hot, warm, cold or mobile. Hot sites are facilities that mirror the primary production center” and that “hot sites are the most reliable and can support stringent recovery requirements” (p. 1).