CISM Exam Prep Questions & Answers
2023/2024
Information security governance is primarily driven by: - ANSWER-Business strategy
Who should drive the risk analysis for an organization? - ANSWER-the Security Manager
Who should be responsible for enforcing access rights to application data? - ANSWER-Security
administrators
The MOST important component of a privacy policy is: - ANSWER-notifications
Investment in security technology and processes should be based on: - ANSWER-clear alignment with
the goals and objectives of the organization
Define information security governance - ANSWER-1. A set of policies and procedures that establishes a
framework of information security strategies
2. A practice area that ensures efficient utilization of information resources
The main purpose of information security governance - ANSWER-to ensure the safety of information
including its Confidentiality, Integrity and Availability. Information security governance protects
information from loss, misuse, unauthorized usage, and destruction during its life cycle or the time it is
being used in an organization.
Benefits of information security governance - ANSWER-- accountability for protecting information during
important business activities
- reduction of the impact of security incidents
- reduction in risks to tolerable limits
- protection from civil and legal liabilities
- enhancement of trust in customer relationships
, - assurance of policy compliance
- protection of company reputation
In order to be effective, information security governance needs to provide 6 basic outcomes: - ANSWER--
strategic alignment
- value delivery
- risk management
- performance measurement
- resource management
- integration
Should information security investments be optimized or minimized? - ANSWER-Optimized so that they
support business objectives.
Primary goals of resource management: - ANSWER-- keeping a record of security practices and processes
- acquiring knowledge and making it accessible
- building a security architecture that identifies and uses infrastructure resources properly
What is Corporate Governance? - ANSWER-Corporate governance is a set of procedures and duties
performed by the board of directors and executive management to direct and control the organization.
Corporate governance helps the board of directors to
• ensure that business objectives are met
• provide strategic direction for business activities
• verify the efficient use of the organization's resources, and
ensure proper handling of business risks
Information Security Governance - ANSWER-While corporate governance deals with performance and
control at all levels of the organization, information security governance is a subset of corporate
governance. Information security governance is concerned with the policies and controls related to
protecting information in the organization. It helps you to
• ensure that information security objectives are achieved
2023/2024
Information security governance is primarily driven by: - ANSWER-Business strategy
Who should drive the risk analysis for an organization? - ANSWER-the Security Manager
Who should be responsible for enforcing access rights to application data? - ANSWER-Security
administrators
The MOST important component of a privacy policy is: - ANSWER-notifications
Investment in security technology and processes should be based on: - ANSWER-clear alignment with
the goals and objectives of the organization
Define information security governance - ANSWER-1. A set of policies and procedures that establishes a
framework of information security strategies
2. A practice area that ensures efficient utilization of information resources
The main purpose of information security governance - ANSWER-to ensure the safety of information
including its Confidentiality, Integrity and Availability. Information security governance protects
information from loss, misuse, unauthorized usage, and destruction during its life cycle or the time it is
being used in an organization.
Benefits of information security governance - ANSWER-- accountability for protecting information during
important business activities
- reduction of the impact of security incidents
- reduction in risks to tolerable limits
- protection from civil and legal liabilities
- enhancement of trust in customer relationships
, - assurance of policy compliance
- protection of company reputation
In order to be effective, information security governance needs to provide 6 basic outcomes: - ANSWER--
strategic alignment
- value delivery
- risk management
- performance measurement
- resource management
- integration
Should information security investments be optimized or minimized? - ANSWER-Optimized so that they
support business objectives.
Primary goals of resource management: - ANSWER-- keeping a record of security practices and processes
- acquiring knowledge and making it accessible
- building a security architecture that identifies and uses infrastructure resources properly
What is Corporate Governance? - ANSWER-Corporate governance is a set of procedures and duties
performed by the board of directors and executive management to direct and control the organization.
Corporate governance helps the board of directors to
• ensure that business objectives are met
• provide strategic direction for business activities
• verify the efficient use of the organization's resources, and
ensure proper handling of business risks
Information Security Governance - ANSWER-While corporate governance deals with performance and
control at all levels of the organization, information security governance is a subset of corporate
governance. Information security governance is concerned with the policies and controls related to
protecting information in the organization. It helps you to
• ensure that information security objectives are achieved
