New Year Sale 2026! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 6 Question 67 Discussion

Actual exam question for Isaca's CISM exam
Question #: 67
Topic #: 6
[All CISM Questions]

When implementing a security policy for an organization handling personally identifiable information (Pll); the MOST important objective should be:

Show Suggested Answer Hide Answer
Suggested Answer: B

Regulatory compliance is the most important objective when implementing a security policy for an organization handling personally identifiable information (PII) because it helps to ensure that the organization meets the legal and ethical obligations to protect the privacy and security of PII. PII is any information that can be used to identify, contact, or locate an individual, such as name, address, email, phone number, social security number, etc. PII is subject to various laws and regulations in different jurisdictions, such as the General Data Protection Regulation (GDPR) in the European Union, the California Consumer Privacy Act (CCPA) in the United States, or the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada. Failing to comply with these regulations can result in fines, lawsuits, reputational damage, or loss of trust. Therefore, regulatory compliance is the correct answer.


https://www.iso.org/obp/ui/en/#iso:std:iso-iec:27018:ed-2:v1:en

https://www.digitalguardian.com/blog/how-secure-personally-identifiable-information-against-loss-or-compromise

https://blog.rsisecurity.com/how-to-make-a-personally-identifiable-information-policy/

by Vallie at Feb 10, 2024, 08:44 PM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Ling
3 months ago
Surprised no one mentioned user training first!
upvoted 0 times
...
Cruz
3 months ago
Totally agree with strong encryption!
upvoted 0 times
...
Mona
3 months ago
Wait, isn't data availability just as important?
upvoted 0 times
...
Norah
4 months ago
I think regulatory compliance is the top priority.
upvoted 0 times
...
Kanisha
4 months ago
Strong encryption is a must!
upvoted 0 times
...
Carri
4 months ago
Security awareness training is definitely necessary, but I feel like it might be more of a supporting measure rather than the main objective.
upvoted 0 times
...
Laurel
4 months ago
Data availability seems important, but I wonder if it should come before compliance or encryption. I guess it depends on the context of the organization.
upvoted 0 times
...
Jerry
4 months ago
I remember a practice question that emphasized strong encryption as a key factor in protecting PII. It feels like that should be a top priority too.
upvoted 0 times
...
Twila
5 months ago
I think regulatory compliance is crucial, especially with laws like GDPR and CCPA. But I'm not entirely sure if it's the most important objective.
upvoted 0 times
...
Cathern
5 months ago
I'm pretty confident the answer is regulatory compliance. Organizations can't just focus on technical controls - they have to make sure they are meeting all the legal requirements for PII data.
upvoted 0 times
...
Chu
5 months ago
Data availability is important, but I don't think it's the most important objective here. Protecting the PII data has to come first, so I'd say the answer is either regulatory compliance or strong encryption.
upvoted 0 times
...
Willetta
5 months ago
Security awareness training for employees is crucial. Even the best technical controls won't matter if people don't know how to handle PII securely.
upvoted 0 times
...
Gary
5 months ago
I think the most important objective is regulatory compliance. Organizations handling PII need to make sure they are following all the relevant laws and regulations.
upvoted 0 times
...
Peggie
5 months ago
Hmm, I'm not sure. Strong encryption seems really important for protecting the PII data, but I guess regulatory compliance could be the top priority. I'll have to think about this one.
upvoted 0 times
...
Ahmed
5 months ago
Hmm, this seems like a tricky one. I'll need to carefully review the exhibit and the options to identify the potential issues.
upvoted 0 times
...
Nobuko
5 months ago
Hmm, I'm not totally sure about this one. I know portfolio management involves managing resources across different initiatives, but I'm not confident about the specific types of resources that need to be considered. I'll have to think this through carefully.
upvoted 0 times
...
Luis
5 months ago
Okay, let's see. The question mentions the existing fabric settings have an MTU of 1500, so I'll need to figure out the minimum MTU required for the ISN to support that.
upvoted 0 times
...
Terry
2 years ago
Yes, data availability is important, but if PII is not properly protected, it can lead to serious consequences.
upvoted 0 times
...
Colene
2 years ago
I beliErick data availability is also crucial in ensuring smooth operations.
upvoted 0 times
...
Ma
2 years ago
Regulatory compliance is important, but without strong encryption, PII can still be at risk.
upvoted 0 times
...
Erick
2 years ago
But what about regulatory compliance? Shouldn't that be a priority too?
upvoted 0 times
...
Terry
2 years ago
I agree, protecting PII with strong encryption is crucial.
upvoted 0 times
...
Colene
2 years ago
I think the most important objective should be strong encryption.
upvoted 0 times
...

Save Cancel