QUESTIONS AND ANSWERS SURE A+
✔✔Culture dynamic interconnection of information security business model - ✔✔The
culture dynamic interconnection links the organization and people elements. It
represents people's beliefs, opinions, and behaviors.
✔✔Enablement and Support dynamic interconnection of information security business
model - ✔✔The enablement and support dynamic interconnection links the technology
and process elements. It involves creating security policies, guidelines, and standards
to support business requirements.
✔✔Emergence dynamic interconnection of information security business model -
✔✔The emergence interconnection links the people and process elements. It indicates
patterns in an organization's life that appear and grow without any evident reason, and
have results that are difficult to forecast and control.
✔✔Human Factors dynamic interconnection of information security business model -
✔✔The human factors interconnection links the people and technology elements, and
indicates the relationship and gap between these elements.
✔✔Architecture dynamic interconnection of information security business model -
✔✔The architecture interconnection links the organization and technology elements. It
completely covers an organization's policies, processes, people, and technology that
compose the security practices.
✔✔For the information security strategy to be effective, it should be developed to
achieve certain high-level outcomes: - ✔✔- strategic alignment
- risk management
- value delivery
- resource management
- performance measurement
- process assurance
✔✔Which 3 key participants are involved in the development of the information security
strategy? - ✔✔1. The BOD or the senior management
2. The executive management and steering committee
3. The CISO or ISM
✔✔Responsibilities of key participants involved in developing an information security
strategy - ✔✔The senior management ensures that the organization's information
security strategy is aligned with its business strategy and objectives.
The executive management and steering committee are actively involved in risk
management. It involves managing the threats to information assets during strategy
implementation.
To implement an information security strategy, the CISO and information security
managers need to create detailed security action plans. The CISO specifies the security
plans to be implemented.
✔✔In the McKinsey model, to ensure that security initiatives are carefully managed,
they need to be: - ✔✔- distributed equally across the organization's core business
activities to manage new challenges
- reviewed and updated regularly based on the changes in the business environment,
and
- directed towards initiating new businesses
✔✔This model reinforces the importance of analyzing business requirements from a
security perspective while developing a security architecture. - ✔✔SABSA. Sherwood
Applied Business Security Architecture.
✔✔What are the 6 layers of the SABSA model? - ✔✔- Business View - also called the
Contextual Security Architecture
- Architect's View - also called the Conceptual Security Architecture