Certified Information Security Manager
CISM Exam

The PRIMARY goal in developing an information security strategy is to:

  A. establish security metrics and performance monitoring.
  B. educate business process owners regarding their duties.
  C. ensure that legal and regulatory requirements are met.
  D. support the business objectives of the organization.

Answer(s): D

Explanation:

The business objectives of the organization supersede all other factors. Establishing metrics and measuring performance, meeting legal and regulatory requirements, and educating business process owners are all subordinate to this overall goal.



Senior management commitment and support for information security can BEST be enhanced through:

  A. a formal security policy sponsored by the chief executive officer (CEO).
  B. regular security awareness training for employees.
  C. periodic review of alignment with business management goals.
  D. senior management signoff on the information security strategy.

Answer(s): C

Explanation:

Ensuring that security activities remain aligned with and supportive of business goals is critical to obtaining senior management's support. Although having the chief executive officer (CEO) sign off on the security policy and senior management sign off on the security strategy provides good visibility and demonstrates the right tone at the top, each is a one-time, discrete event that may be quickly forgotten by senior management. Security awareness training for employees will have less effect on senior management commitment.



When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

  A. Create separate policies to address each regulation
  B. Develop policies that meet all mandated requirements
  C. Incorporate policy statements provided by regulators
  D. Develop a compliance risk assessment

Answer(s): B

Explanation:

It will be much more efficient to craft all relevant requirements into policies than to create separate versions. Using statements provided by regulators will not capture all of the requirements mandated by different regulators. A compliance risk assessment is an important tool to verify that procedures ensure compliance once the policies have been established.



Which of the following MOST commonly falls within the scope of an information security governance steering committee?

  A. Interviewing candidates for information security specialist positions
  B. Developing content for security awareness programs
  C. Prioritizing information security initiatives
  D. Approving access to critical financial systems

Answer(s): C

Explanation:

Prioritizing information security initiatives is the only appropriate item. Interviewing specialists should be performed by the information security manager, while developing program content should be performed by the information security staff. Approving access to critical financial systems is the responsibility of the individual system data owners.




Marcus
Impressive work on these exam dumps. Love the free version.
- CANADA


Emily
Great job on these practice exam questions! You guys are the best.
- CANADA


seagal
I just passed the (310-025) SCJP test yesterday. Your guide is right on the money and covers almost every question word for word. Great work!
- Edmonton


Illya
I passed my exam today with a score of 964. This was a difficult test but the preparation guide was very good. I would not have passed without the materials. Thank you very much for giving me the opportunity to better my life.
- Alberta


Jackson
Exam SY0-101: I passed my exam today with no problem whatsoever. I just wanted to say a sincere thank you for the outstanding study guide. You guys are a phenomenal help when it comes to study assistance. Thanks, and definitely expect to see me again.
- MJ


CJ
Exam 1Z0-040 passed!!! I have passed my exam 59/60. You people are the boom. Thanks for the exam questions. They were so real!!
- UNITED STATES


Oshrit
Dear Support, I passed (as you expected) the Sun Solaris Admin I (310-011) at first trial. Thank you so much.
- Israel


Lee W.
Just thought I would let you know I took the CCDA test on Tuesday, like I planned, and scored a 902!
- China


Micheal C.
I have used your exams for preparation for 70-290, 70-291, 70-292, 70-296, 70-298, 70-299, 70-300, 70-305, 70-310, 70-315, 70-316, 70-320. I also passed all those on the first round. I'm currently preparing for the CCNA.
- ON


kris J.
Now my dream has come true. I thank you a million times for the best study guides that you provided to a poor kid like me... I got it. Finally MCSE. Best regards,
- GERMANY