ISACA Certified Information Security
Manager (CISM) Prep Questions with
Accurate Answers
A bottom up approach to information security activities is rarely successful. To
achieve senior management commitment and support for information security,
your approach should be based on Regulation, Compliance Requirements, and
also by presenting ideas correct answer D. Align security objectives with key
business objectives
A security strategy is important for an organization, and along with the creation of
supporting policies. What should the overall planning effort cover? correct
answer Either
A. The logical security architecture for the organization
B. The intent and direction and expectations of management
D. Assist in FISMA audits
A well-organized information security awareness course provides employees with
current security policies, an information protection overview, and the steps for
reporting any possible security incidents appropriately. Which of the following is
the most probable result in the organization upon course completion? correct
answer A. Increased reporting of security incidents to the incident response group
All actions dealing with incidents must be worked with cyclical consideration.
What is the primary post-incident review takeaway? correct answer Either
A. Pursuit of legal action
, B. Identify personnel failures
D. Derive ways to improve the response process
Along with attention to detail, what is an additional quality required of an incident
handler? correct answer D. Ability to handle stress
Along with cataloging and assigning value to their information, this individual
holds the proper role for review and confirmation of individuals on an access list?
correct answer A. The Data Owner
As part of the Risk Management process, assessments must be performed on the
information systems and resources of an organization. If there are vulnerabilities
disclosed during an assessment, those vulnerabilities should be: correct answer d.
Evaluated and prioritized based on credible threat and impact if exploited and
and mitigation cost
As the increased use of regulation and compliance in the Information Security
arena expands, information security managers must work to put tasks into
perspective. To do this, ISMs should involve affected organizations and view
"regulations" as a? correct answer Either
A. Risk
B. Legal interpretation
Manager (CISM) Prep Questions with
Accurate Answers
A bottom up approach to information security activities is rarely successful. To
achieve senior management commitment and support for information security,
your approach should be based on Regulation, Compliance Requirements, and
also by presenting ideas correct answer D. Align security objectives with key
business objectives
A security strategy is important for an organization, and along with the creation of
supporting policies. What should the overall planning effort cover? correct
answer Either
A. The logical security architecture for the organization
B. The intent and direction and expectations of management
D. Assist in FISMA audits
A well-organized information security awareness course provides employees with
current security policies, an information protection overview, and the steps for
reporting any possible security incidents appropriately. Which of the following is
the most probable result in the organization upon course completion? correct
answer A. Increased reporting of security incidents to the incident response group
All actions dealing with incidents must be worked with cyclical consideration.
What is the primary post-incident review takeaway? correct answer Either
A. Pursuit of legal action
, B. Identify personnel failures
D. Derive ways to improve the response process
Along with attention to detail, what is an additional quality required of an incident
handler? correct answer D. Ability to handle stress
Along with cataloging and assigning value to their information, this individual
holds the proper role for review and confirmation of individuals on an access list?
correct answer A. The Data Owner
As part of the Risk Management process, assessments must be performed on the
information systems and resources of an organization. If there are vulnerabilities
disclosed during an assessment, those vulnerabilities should be: correct answer d.
Evaluated and prioritized based on credible threat and impact if exploited and
and mitigation cost
As the increased use of regulation and compliance in the Information Security
arena expands, information security managers must work to put tasks into
perspective. To do this, ISMs should involve affected organizations and view
"regulations" as a? correct answer Either
A. Risk
B. Legal interpretation
