Chapter 1 Exam Questions & Answers
(Grade A+)
Who is MAINLY responsible for protecting information assets they have been entrusted with on a daily basis by defining who can access the data, its sensitivity level, the type of access, and adhering to corporate information security policies? -
correct answer ✅Data Owner
Which of the following outcomes of information security governance is MAINLY focused on executing appropriate measures to mitigate risk and reduce the potential impact on information resources to an acceptable level? -
correct answer ✅Risk management
Which of the following outcomes of information security governance is mainly responsible for ensuring that processes operate as intended from end to end? -
correct answer ✅Integration
Who is mainly responsible for ensuring that needed organizational functions, resources and supporting infrastructure are available and properly utilized to fulfil the information security related directives of the board, regulatory compliance and other demands? -
correct answer ✅Executive management
CISM Information Security Governance
Which of the following dynamic interconnections of the Business Model for Information Security (BMIS) is a pattern of behaviours, effects, assumptions, attitudes and ways of doing things? -
correct answer ✅Culture
Which of the following statements describes the key indicator for risk management metrics? -
correct answer ✅Defined mitigation objectives for identified significant risks.
Which of the following statements describes the key indicator for value delivery metrics? -
correct answer ✅The cost of security being proportional to the value of the asset.
Which of the following statements describes the key indicator used for resource management metrics? -
correct answer ✅Clearly defined roles and responsibilities for information security functions.