Certified Information Security Manager
CISM Exam

Which of the following should be the FIRST step in developing an information security plan?

  A. Perform a technical vulnerabilities assessment
  B. Analyze the current business strategy
  C. Perform a business impact analysis
  D. Assess the current levels of security awareness

Answer(s): B

Explanation:

Prior to assessing technical vulnerabilities or levels of security awareness, an information security manager needs to gain an understanding of the current business strategy and direction. A business impact analysis should be performed prior to developing a business continuity plan, but this would not be an appropriate first step in developing an information security strategy because it focuses on availability.



Senior management commitment and support for information security can BEST be obtained through presentations that:

  A. use illustrative examples of successful attacks.
  B. explain the technical risks to the organization.
  C. evaluate the organization against best security practices.
  D. tie security risks to key business objectives.

Answer(s): D

Explanation:

Senior management seeks to understand the business justification for investing in security. This can best be accomplished by tying security to key business objectives. Senior management will not be as interested in technical risks or examples of successful attacks if they are not tied to the impact on business environment and objectives. Industry best practices are important to senior management but, again, senior management will give them the right level of importance when they are presented in terms of key business objectives.



The MOST appropriate role for senior management in supporting information security is the:

  A. evaluation of vendors offering security products.
  B. assessment of risks to the organization.
  C. approval of policy statements and funding.
  D. monitoring adherence to regulatory requirements.

Answer(s): C

Explanation:

Since the members of senior management are ultimately responsible for information security, they are the ultimate decision makers in terms of governance and direction. They are responsible for approval of major policy statements and requests to fund the information security practice. Evaluation of vendors, assessment of risks and monitoring compliance with regulatory requirements are day-to-day responsibilities of the information security manager; in some organizations, business management is involved in these other activities, though their primary role is direction and governance.



Which of the following would BEST ensure the success of information security governance within an organization?

  A. Steering committees approve security projects
  B. Security policy training provided to all managers
  C. Security training available to all employees on the intranet
  D. Steering committees enforce compliance with laws and regulations

Answer(s): A

Explanation:

The existence of a steering committee that approves all security projects is an indicator of a good governance program. Compliance with laws and regulations is part of the steering committee's responsibility, but it is not a complete answer. Awareness training is important at all levels and in any medium, and is also an indicator of good governance; however, it must itself be guided and approved as a security project by the steering committee.
