CISM Information Security Program Development

Question 1

When developing an information security program, a CISM should FIRST:

Accepted Answer

Define the security program's scope and objectives based on business needs

Answer

Defining the scope and objectives aligned to business needs ensures the security program is purposeful, relevant, and capable of gaining organizational support.

Question 2

Which of the following is MOST critical to the long-term success of an information security program?

Accepted Answer

Ongoing executive sponsorship and adequate resourcing

Answer

Sustained executive sponsorship and adequate resources are the most critical success factors for a security program's long-term effectiveness.

Question 3

A CISM is selecting security controls for a new information security program. Controls should PRIMARILY be selected based on:

Accepted Answer

Risk assessment results and business requirements

Answer

Control selection should be driven by risk assessment results and business requirements to ensure controls address actual risks and support business operations.

Question 4

Which of the following BEST describes the purpose of a security awareness training program?

Accepted Answer

To educate employees about threats and their role in protecting information

Answer

Security awareness training educates employees about information security threats and their individual responsibilities in protecting organizational assets.

Question 5

A CISM is developing a security roadmap. The roadmap should be aligned to:

Accepted Answer

The organization's strategic business plan and risk tolerance

Answer

A security roadmap must align to the organization's strategic business plan and risk tolerance to ensure security investments support business goals.

CISM - Certified Information Security Manager Practice Test

CISM - Certified Information Security Manager Practice Test

CISM Information Security Program Development