CISM Exam Prep Questions &
Answers (Grade A+)
Information security governance is primarily driven by: -
correct answer ✅Business strategy
Who should drive the risk analysis for an organization? -
correct answer ✅the Security Manager
Who should be responsible for enforcing access rights to
application data? -
correct answer ✅Security administrators
The MOST important component of a privacy policy is: -
correct answer ✅notifications
Investment in security technology and processes should be based
on: -
correct answer ✅clear alignment with the goals and objectives of
the organization
Define information security governance -
correct answer ✅1. A set of policies and procedures that
establishes a framework of information security strategies
,CISM Exam Prep Questions &
Answers (Grade A+)
2. A practice area that ensures efficient utilization of information
resources
The main purpose of information security governance -
correct answer ✅to ensure the safety of information including its
Confidentiality, Integrity and Availability. Information security
governance protects information from loss, misuse, unauthorized
usage, and destruction during its life cycle or the time it is being
used in an organization.
Benefits of information security governance -
correct answer ✅- accountability for protecting information during
important business activities
- reduction of the impact of security incidents
- reduction in risks to tolerable limits
- protection from civil and legal liabilities
- enhancement of trust in customer relationships
- assurance of policy compliance
- protection of company reputation
, CISM Exam Prep Questions &
Answers (Grade A+)
In order to be effective, information security governance needs to
provide 6 basic outcomes: -
correct answer ✅- strategic alignment
- value delivery
- risk management
- performance measurement
- resource management
- integration
Should information security investments be optimized or
minimized? -
correct answer ✅Optimized so that they support business
objectives.
Primary goals of resource management: -
correct answer ✅- keeping a record of security practices and
processes
- acquiring knowledge and making it accessible
- building a security architecture that identifies and uses
infrastructure resources properly
Answers (Grade A+)
Information security governance is primarily driven by: -
correct answer ✅Business strategy
Who should drive the risk analysis for an organization? -
correct answer ✅the Security Manager
Who should be responsible for enforcing access rights to
application data? -
correct answer ✅Security administrators
The MOST important component of a privacy policy is: -
correct answer ✅notifications
Investment in security technology and processes should be based
on: -
correct answer ✅clear alignment with the goals and objectives of
the organization
Define information security governance -
correct answer ✅1. A set of policies and procedures that
establishes a framework of information security strategies
,CISM Exam Prep Questions &
Answers (Grade A+)
2. A practice area that ensures efficient utilization of information
resources
The main purpose of information security governance -
correct answer ✅to ensure the safety of information including its
Confidentiality, Integrity and Availability. Information security
governance protects information from loss, misuse, unauthorized
usage, and destruction during its life cycle or the time it is being
used in an organization.
Benefits of information security governance -
correct answer ✅- accountability for protecting information during
important business activities
- reduction of the impact of security incidents
- reduction in risks to tolerable limits
- protection from civil and legal liabilities
- enhancement of trust in customer relationships
- assurance of policy compliance
- protection of company reputation
, CISM Exam Prep Questions &
Answers (Grade A+)
In order to be effective, information security governance needs to
provide 6 basic outcomes: -
correct answer ✅- strategic alignment
- value delivery
- risk management
- performance measurement
- resource management
- integration
Should information security investments be optimized or
minimized? -
correct answer ✅Optimized so that they support business
objectives.
Primary goals of resource management: -
correct answer ✅- keeping a record of security practices and
processes
- acquiring knowledge and making it accessible
- building a security architecture that identifies and uses
infrastructure resources properly
