Certified Information Security Manager - Chapter 3
Questions and Answers (100% Correct)
3.0 INTRODUCTION
What is the purpose of the information security program? - Answer✔️✔️-The
purpose of the infosec prg is to execute the strategy and achieve the org objectives
at acceptable levels of risk and business disruption.
3.0 INTRODUCTION
What is the roadmap based on? What is done to create it (high level)? -
Answer✔️✔️-The roadmap is based on the strategy. Set high-level objectives or goals
and desired outcomes, with a plan to achieve them.
3.0 INTRODUCTION
What is in a roadmap? What is it used for? - Answer✔️✔️-A roadmap is a plan with
detailed steps to achieve the goals/objectives in the strategy.
The plan includes the activities required to manage, maintain, and improve the
cost-effectiveness of the prg.
©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10:57 AM
3.0 INTRODUCTION
For management to be effective, this needs to be done _________________. -
Answer✔️✔️-For management to be effective, good metrics and monitoring need to be
in place.
3.0 INTRODUCTION
For management to be effective, what else must be monitored, in addition to metrics
at the operational, tactical, and strategic levels? - Answer✔️✔️-In addition to
metrics at the operational, tactical, and strategic levels, the following must be
monitored:
1. Essential controls
2. Key risk indicators to warn of changes in risk
3. Internal and external environments
4. Compliance with policies and standards
3.0 INTRODUCTION
What are the main levels in which metrics must be monitored? - Answer✔️✔️-
Metrics must be monitored at the operational, tactical, and strategic levels.
3.1 INFORMATION SECURITY MGMT OVERVIEW
What does the infosec prg include? - Answer✔️✔️-The infosec prg encompasses all
activities and resources that provide infosec services to an org. These primarily
include:
1. Design
2. Development
3. Integration of enterprise-wide controls related to infosec
4. Ongoing administration and mgmt of ctrls
3.1 INFORMATION SECURITY MGMT OVERVIEW
What skills will an ISM need to gain expertise in? - Answer✔️✔️-ISMs will need to
gain skills in:
1. Budgeting
2. Planning
3. Business case development
4. Recruiting
5. Other personnel related functions
3.1 INFORMATION SECURITY MGMT OVERVIEW
What are the three essential elements to a program? - Answer✔️✔️-Design,
implementation, and management
1. The prg must be executed in close alignment with the infosec strategy and must
meet the org objectives it supports
2. The prg must be designed with support from mgmt and stakeholders
3. Metrics must be developed for the prg design, implementation, and ongoing prg
mgmt phases to determine whether the prg is performing well.
3.1 INFORMATION SECURITY MGMT OVERVIEW
When you start building an infosec prg, what activities do you do? - Answer✔️✔️-
To build an infosec prg, you must
1. Define overall objectives for infosec. These should link to the org objectives.
2. Define methodologies for achieving the desired state.