CISM Information Security Governance

Question 1

Which of the following BEST describes the primary objective of information security governance?

Accepted Answer

Aligning security strategy with business objectives

Answer

Deploying firewalls and intrusion detection systems

Answer

Training employees on password policies

Answer

Conducting annual penetration tests

Question 2

A CISM is developing a security governance framework. Which document should serve as the TOP-LEVEL foundation?

Accepted Answer

Information security policy

Answer

Security procedures

Answer

Security standards

Answer

Risk register

Question 3

Which governance structure BEST ensures accountability for information security across the organization?

Accepted Answer

Defined roles and responsibilities with clear ownership

Answer

Centralized IT helpdesk

Answer

Annual security audits by external firms

Answer

Automated vulnerability scanning tools

Question 4

An organization's board of directors is MOST responsible for which security governance activity?

Accepted Answer

Setting risk appetite and oversight

Answer

Writing security policies

Answer

Conducting vulnerability assessments

Answer

Managing security operations

Question 5

Which metric BEST demonstrates the effectiveness of an information security governance program to senior leadership?

Accepted Answer

Ratio of security incidents to business risk tolerance

Answer

Number of firewall rules implemented

Answer

Percentage of employees completing security awareness training

Answer

Number of software vulnerabilities patched

Question 6

A CISM wants to ensure that information security governance is integrated into organizational decision-making. The BEST approach is to:

Accepted Answer

Establish a security steering committee with cross-functional representation

Answer

Require IT sign-off on all purchases

Answer

Mandate security training for all new hires

Answer

Deploy a SIEM platform organization-wide