Free CISM Exam Braindumps

The PRIMARY goal in developing an information security strategy is to:

  A. establish security metrics and performance monitoring.
  B. educate business process owners regarding their duties.
  C. ensure that legal and regulatory requirements are met.
  D. support the business objectives of the organization.

Answer(s): D

Explanation:

The business objectives of the organization supersede all other factors. Establishing metrics and measuring performance, meeting legal and regulatory requirements, and educating business process owners are all subordinate to this overall goal.



Senior management commitment and support for information security can BEST be enhanced through:

  A. a formal security policy sponsored by the chief executive officer (CEO).
  B. regular security awareness training for employees.
  C. periodic review of alignment with business management goals.
  D. senior management sign-off on the information security strategy.

Answer(s): C

Explanation:

Ensuring that security activities continue to be aligned with and support business goals is critical to obtaining senior management's support. Although having the chief executive officer (CEO) sign off on the security policy and senior management sign off on the security strategy provides good visibility and demonstrates good tone at the top, these are one-time, discrete events that may be quickly forgotten by senior management. Security awareness training for employees will not have as much effect on senior management commitment.



When identifying legal and regulatory issues affecting information security, which of the following would represent the BEST approach to developing information security policies?

  A. Create separate policies to address each regulation
  B. Develop policies that meet all mandated requirements
  C. Incorporate policy statements provided by regulators
  D. Develop a compliance risk assessment

Answer(s): B

Explanation:

It is much more efficient to incorporate all relevant mandated requirements into a single set of policies than to create a separate policy for each regulation. Using statements provided by regulators will not capture all of the requirements mandated by different regulators. A compliance risk assessment is an important tool for verifying that procedures ensure compliance once the policies have been established.



Which of the following MOST commonly falls within the scope of an information security governance steering committee?

  A. Interviewing candidates for information security specialist positions
  B. Developing content for security awareness programs
  C. Prioritizing information security initiatives
  D. Approving access to critical financial systems

Answer(s): C

Explanation:

Prioritizing information security initiatives is the only item that falls within the steering committee's scope. Interviewing specialists should be performed by the information security manager, while developing awareness program content should be performed by the information security staff. Approving access to critical financial systems is the responsibility of the individual system data owners.
