CISM - Security Compliance Exam Questions & Answers (Grade A+)
What are the characteristics of a good information security risk management plan? -
correct answer ✅ 1. It should be linked to business objectives
2. It should incorporate existing risk management practices

What steps should an information security manager follow when planning the risk management program? -
correct answer ✅ 1. Establishing program context and purpose
2. Developing a program scope statement and charter
3. Identifying and classifying information assets and determining asset owners
4. Defining what the risk management plan will achieve for the organization
5. Determining the methodology to be used
6. Establishing a program implementation team with people from key departments

Risk Management Plan - Establishing program context and purpose -
correct answer ✅ This is the first step in risk management planning. It includes defining the purpose of the program, setting objectives and outcomes for the program, and determining what the acceptable levels of risk are for the organization. Developing a program scope statement and charter is ranked

Risk Management Plan - Developing a program scope statement and charter -
correct answer ✅ This is the second step in risk management program planning. In this step, you create a scope statement that defines the risk management responsibilities of each department in the organization, the specific actions each member of a department must take, and the scope of authority that rests with the information security manager and other risk management roles.

Risk Management Plan - Identify and classify information assets and determine asset owners -
correct answer ✅ This is the third step in risk management program planning. All information assets are identified and classified so that each asset can be readily recognized and its classification is known. Owners are identified and assigned so that someone is accountable for each asset.

Risk Management Plan - Define what the risk management plan will achieve for the organization -
correct answer ✅ This is the fourth step in risk management program planning. Here, the objectives for the risk management program are set based on the risk analysis.

Risk Management Plan - Determining the methodology to be used -
correct answer ✅ This is the fifth step in risk management program planning. In this step, you determine what methods you'll use to manage the risks you've identified and prioritized. This involves assessing the effectiveness of the methods currently in use and identifying and evaluating alternative methods.

Risk Management Plan - Establish a program implementation team with people from key departments -
correct answer ✅ This is the sixth step in risk management program planning. A team is established with people from all departments. This helps in aligning the program to every activity that the organization performs.

IR Management Program Roles -
correct answer ✅ 1. Governing board and senior management
2. Chief information officer
3. System and information owners
4. Business and functional managers