CISM Information Security Governance

Question 1

Which of the following BEST describes the primary objective of information security governance?

Accepted Answer

Aligning security strategy with business objectives

Answer

Information security governance ensures that security strategies are aligned with and support the overall business objectives of the organization.

Question 2

A CISM is developing a security governance framework. Which document should serve as the TOP-LEVEL foundation?

Accepted Answer

Information security policy

Answer

The information security policy is the top-level document that establishes management's intent and provides the foundation for all other security standards and procedures.

Question 3

Which governance structure BEST ensures accountability for information security across the organization?

Accepted Answer

Defined roles and responsibilities with clear ownership

Answer

Clearly defined roles and responsibilities with assigned ownership ensure accountability and enable effective governance across the organization.

Question 4

An organization's board of directors is MOST responsible for which security governance activity?

Accepted Answer

Setting risk appetite and oversight

Answer

The board of directors is responsible for setting the organization's risk appetite and providing oversight of the overall security posture.

Question 5

Which metric BEST demonstrates the effectiveness of an information security governance program to senior leadership?

Accepted Answer

Ratio of security incidents to business risk tolerance

Answer

Comparing security incidents against defined business risk tolerance gives leadership meaningful insight into how well the governance program is performing relative to strategic objectives.

CISM - Certified Information Security Manager Practice Test

CISM - Certified Information Security Manager Practice Test

CISM Information Security Governance