CISM Practice - Chapter 1 Questions And Answers
CH1: What are the 6 outcomes of Security Governance? -
correct answer ✅
1. Strategic Alignment
2. Risk Management
3. Value Delivery
4. Resource Optimization
5. Performance Measurement
6. Assurance Process Integration
CH1: A security strategy is important for an organization PRIMARILY
because it:
A. provides a basis for determining the best logical security
architecture for the organization.
B. provides the approach to achieving the outcomes management
wants.
C. provides users guidance on how to operate securely in everyday
tasks.
D. helps IS auditors ensure compliance. -
correct answer ✅B.
A security strategy will define the approach to achieving the
security program outcomes management wants. It should also be a
statement of how security aligns with and supports business
objectives, and it provides the basis for good security governance.
CH1: Which of the following is the MOST important reason to
provide effective communication about information security?
A. It makes information security more palatable to resistant
employees.
B. It mitigates the weakest link in the information security
landscape.
C. It informs business units about the information security strategy.
D. It helps the organization conform to regulatory information
security requirements. -
correct answer ✅B.
Security failures are, in the majority of instances, directly
attributable to lack of awareness or failure of employees to follow
policies or procedures. Communication is important to ensure
continued awareness of security policies and procedures among
staff and business partners.
CH1: Which of the following approaches BEST helps the information
security manager achieve compliance with various regulatory
requirements?
A. Rely on corporate counsel to advise which regulations are the
most relevant.
B. Stay current with all relevant regulations and request legal
interpretation.
C. Involve all impacted departments and treat regulations as just
another risk.
D. Ignore many of the regulations that have no penalties. -
correct answer ✅C.
Departments such as HR, finance, and legal are most often subject
to new regulations and therefore must be involved in determining
how best to meet the existing and emerging requirements; they
would also be most aware of these regulations. Treating regulations
like a risk puts them in the proper perspective, and mechanisms to
deal with them should already exist.