CISM Information Security Governance 3

Question 1

Which of the following BEST illustrates an effective security governance reporting structure?

Accepted Answer

CISO reports to both the CEO and board with regular updates

Answer

Effective governance requires the CISO to report to senior leadership and the board regularly, ensuring visibility and accountability at the highest levels.

Question 2

An organization wants to ensure its security governance program remains effective over time. The BEST mechanism is:

Accepted Answer

Continuous monitoring and periodic program reviews

Answer

Continuous monitoring and periodic reviews ensure the governance program adapts to changing threats, business needs, and regulatory requirements.

Question 3

Which of the following represents a governance control rather than a technical control?

Accepted Answer

Acceptable use policy

Answer

An acceptable use policy is a governance (administrative) control that defines rules and expectations for users, rather than a technical enforcement mechanism.

Question 4

A newly appointed CISM discovers the organization has no formal security governance structure. The FIRST step should be to:

Accepted Answer

Obtain executive sponsorship and establish governance authority

Answer

Without executive sponsorship and formal governance authority, a CISM cannot effectively implement or enforce any security program.

Question 5

Which of the following BEST defines 'security culture' within a governance context?

Accepted Answer

The shared values, behaviors, and attitudes toward security among employees

Answer

Security culture refers to the collective attitudes, values, and behaviors of employees toward security, which governance programs aim to develop and reinforce.

CISM - Certified Information Security Manager Practice Test

CISM - Certified Information Security Manager Practice Test

CISM Information Security Governance 3