CISM Information Security Governance Practice Test Set 3

Which of the following is the MOST important prerequisite for establishing information security management within an organization?


Options are :

  • Senior management commitment
  • Information security framework
  • Information security policy
  • Information security organizational structure

Answer : Senior management commitment

Which of the following BEST describes an information security manager's role in a multidisciplinary team that will address a new regulatory requirement regarding operational risk?


Options are :

  • Suggest new IT controls to mitigate operational risk
  • Demonstrate that IT mitigating controls are in place
  • Ensure that all IT risks are identified
  • Evaluate the impact of information security risks

Answer : Evaluate the impact of information security risks

CISM Information Security Program Management Practice Exam Set 2

Which of the following would BEST prepare an information security manager for regulatory reviews?


Options are :

  • Assign an information security administrator as regulatory liaison
  • Assess previous regulatory reports with process owners input
  • Ensure all regulatory inquiries are sanctioned by the legal department
  • Perform self-assessments using regulatory guidelines and reports

Answer : Perform self-assessments using regulatory guidelines and reports

Information security policy enforcement is the responsibility of the:


Options are :

  • chief information security officer (CISO).
  • chief compliance officer (CCO).
  • chief information officer (CIO).
  • security steering committee

Answer : chief information security officer (CISO).

Who is ultimately responsible for the organization's information?


Options are :

  • Chief information officer (CIO)
  • Board of directors
  • Data custodian
  • Chief information security officer (CISO)

Answer : Board of directors

CISM Information Security Program Management Test

What will have the HIGHEST impact on standard information security governance models?


Options are :

  • Distance between physical locations
  • Number of employees
  • Organizational budget
  • Complexity of organizational structure

Answer : Complexity of organizational structure

Which of the following is the MOST important information to include in a strategic plan for information security?


Options are :

  • Information security staffing requirements
  • IT capital investment requirements
  • information security mission statement
  • Current state and desired future state

Answer : Current state and desired future state

An internal audit has identified major weaknesses over IT processing. Which of the following should an information security manager use to BEST convey a sense of urgency to management?


Options are :

  • Security metrics reports
  • Risk assessment reports
  • Return on security investment report
  • Business impact analysis (BIA)

Answer : Risk assessment reports

CISM Information Risk Management Certification

The PRIMARY concern of an information security manager documenting a formal data retention policy would be:


Options are :

  • generally accepted industry best practices.
  • legislative and regulatory requirements.
  • storage availability.
  • business requirements

Answer : business requirements

The PRIMARY objective of a security steering group is to:


Options are :

  • raise information security awareness across the organization.
  • implement all decisions on security management across the organization.
  • ensure information security aligns with business goals.
  • ensure information security covers all business functions

Answer : ensure information security aligns with business goals.

While implementing information security governance an organization should FIRST:


Options are :

  • establish security policies.
  • adopt security standards.
  • determine security baselines.
  • define the security strategy.

Answer : define the security strategy.

CISM Information Security Governance Practice Test Set 1

Which of the following is the MOST essential task for a chief information security officer (CISO) to perform?


Options are :

  • Develop an information security strategy paper
  • Approve access to critical financial systems
  • Conduct disaster recovery test exercises
  • Update platform-level security settings

Answer : Develop an information security strategy paper

Which of the following is the MOST important information to include in an information security standard?


Options are :

  • Last review date
  • Author name
  • Creation date
  • Initial draft approval date

Answer : Last review date

What is the PRIMARY role of the information security manager in the process of information classification within an organization?


Options are :

  • Securing information assets in accordance with their classification
  • Defining and ratifying the classification structure of information assets
  • Checking if information assets have been classified properly
  • Deciding the classification levels applied to the organization's information assets

Answer : Defining and ratifying the classification structure of information assets

CISM Information Risk Management Certification Practice

When an information security manager is developing a strategic plan for information security, the timeline for the plan should be:


Options are :

  • three-to-five years for both hardware and software.
  • aligned with the IT strategic plan.
  • aligned with the business strategy.
  • based on the current rate of technological change.

Answer : aligned with the business strategy.

Which of the following would be MOST effective in successfully implementing restrictive password policies?


Options are :

  • Regular password audits
  • Security awareness program
  • Single sign-on system
  • Penalties for noncompliance

Answer : Security awareness program

Data owners must provide a safe and secure environment to ensure confidentiality, integrity and availability of the transaction. This is an example of an information security:


Options are :

  • baseline
  • policy
  • procedure.
  • strategy

Answer : policy

CISM Information Security Governance Practice Test Set 1

Reviewing which of the following would BEST ensure that security controls are effective?


Options are :

  • Security metrics
  • User access rights
  • Return on security investment
  • Risk assessment policies

Answer : Security metrics

Which of the following is MOST important in developing a security strategy?


Options are :

  • Having a reporting line to senior management
  • Creating a positive business security environment
  • Allocating sufficient resources to information security
  • Understanding key business objectives

Answer : Understanding key business objectives

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following would be of MOST value?


Options are :

  • Statement of generally accepted best practices
  • Examples of genuine incidents at similar organizations
  • Associating realistic threats to corporate objectives
  • Analysis of current technological exposures

Answer : Associating realistic threats to corporate objectives

CISM Information Risk Management Certification

Which of the following should be the FIRST step in developing an information security plan?


Options are :

  • Perform a technical vulnerabilities assessment
  • Assess the current levels of security awareness
  • Analyze the current business strategy
  • Perform a business impact analysis

Answer : Analyze the current business strategy

CISM Incident Management and Response Practice Exam

Which of the following situations must be corrected FIRST to ensure successful information security governance within an organization?


Options are :

  • The chief information officer (CIO) approves security policy changes.
  • The information security department has difficulty filling vacancies.
  • The data center manager has final signoff on all security projects.
  • The information security oversight committee only meets quarterly.

Answer : The data center manager has final signoff on all security projects.

The MOST appropriate role for senior management in supporting information security is the:


Options are :

  • monitoring adherence to regulatory requirements.
  • approval of policy statements and funding.
  • evaluation of vendors offering security products.
  • assessment of risks to the organization.

Answer : approval of policy statements and funding.

Senior management commitment and support for information security can BEST be enhanced through:


Options are :

  • a formal security policy sponsored by the chief executive officer (CEO).
  • senior management signoff on the information security strategy
  • regular security awareness training for employees.
  • periodic review of alignment with business management goals

Answer : periodic review of alignment with business management goals

CISM Information Security Program Management Practice Exam Set 5

Which of the following individuals would be in the BEST position to sponsor the creation of an information security steering group?


Options are :

  • Legal counsel
  • Information security manager
  • Chief operating officer (COO)
  • Internal auditor

Answer : Chief operating officer (COO)

Which of the following characteristics is MOST important when looking at prospective candidates for the role of chief information security officer (CISO)?


Options are :

  • Ability to manage a diverse group of individuals and resources across an organization
  • Knowledge of the regulatory environment and project management techniques
  • Ability to understand and map organizational needs to security technologies
  • Knowledge of information technology platforms, networks and development methodologie

Answer : Ability to understand and map organizational needs to security technologies

Which of the following would BEST ensure the success of information security governance within an organization?


Options are :

  • Security policy training provided to all managers
  • Steering committees approve security projects
  • Security training available to all employees on the intranet
  • Steering committees enforce compliance with laws and regulations

Answer : Steering committees approve security projects

CISM Certified Information Security Manager Test Practice

When an organization hires a new information security manager, which of the following goals should this individual pursue FIRST?


Options are :

  • Establish good communication with steering committee members
  • Assemble an experienced staff
  • Develop a security architecture
  • Benchmark peer organizations

Answer : Establish good communication with steering committee members

Senior management commitment and support for information security will BEST be attained by an information security manager by emphasizing:


Options are :

  • security needs
  • organization wide metrics.
  • organizational risk
  • the responsibilities of organizational units.

Answer : organizational risk

When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?


Options are :

  • Develop a compliance risk assessment
  • Develop policies that meet all mandated requirements
  • Incorporate policy statements provided by regulators
  • Create separate policies to address each regulation

Answer : Develop policies that meet all mandated requirements

Comment / Suggestion Section
Point our Mistakes and Post Your Suggestions