Governance Exam Questions & Answers (Grade A+)
A risk assessment and business impact analysis have been completed for a major proposed purchase and new process for an organization. There is a disagreement between the information security manager and the business department manager who will own the process regarding the results and assigned risk. Which of the following would be the BEST approach for the information security manager?
correct answer ✅ Review of the assessment with executive management for final input
Who is responsible for ensuring that information is categorized and that specific protective measures are taken?
correct answer ✅ Senior management
An organization's board of directors has learned of recent legislation requiring organizations within the industry to enact specific safeguards to protect confidential customer information. What action should the board take next?
correct answer ✅ Require management to report on compliance
Information security should be:
correct answer ✅ a balance between technical and business requirements
What is the MOST important factor in the successful implementation of an enterprise-wide information security program?
correct answer ✅ Support of senior management
What is the MAIN risk when there is no user management representation on the Information Security Steering Committee?
correct answer ✅ Information security planning is not aligned with business requirements
The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:
correct answer ✅ the plan aligns with the organization's business plan