Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

ISACA CISM Exam Questions
Certified Information Security Manager (Page 20 )

Updated On: 17-Feb-2026
Page 20 of 345
PDF with 1716 Questions

To achieve effective strategic alignment of security initiatives, it is important that:

  1. Steering committee leadership be selected by rotation.
  2. Inputs be obtained and consensus achieved between the major organizational units.
  3. The business strategy be updated periodically.
  4. Procedures and standards be approved by all departmental heads.

Answer(s): B

Explanation:

It is important to achieve consensus on risks and controls, and obtain inputs from various organizational entities since security needs to be aligned to the needs of the organization. Rotation of steering committee leadership does not help in achieving strategic alignment. Updating business strategy does not lead to strategic alignment of security initiatives. Procedures and standards need not be approved by all departmental heads



When developing incident response procedures involving servers hosting critical applications, which of the following should be the FIRST to be notified?

  1. Business management
  2. Operations manager
  3. Information security manager
  4. System users

Answer(s): C

Explanation:

The escalation process in critical situations should involve the information security manager as the first contact so that appropriate escalation steps are invoked as necessary. Choices A, B and D would be notified accordingly.



In implementing information security governance, the information security manager is PRIMARILY responsible for:

  1. developing the security strategy.
  2. reviewing the security strategy.
  3. communicating the security strategy.
  4. approving the security strategy

Answer(s): A

Explanation:

The information security manager is responsible for developing a security strategy based on business objectives with the help of business process owners. Reviewing the security strategy is the responsibility of a steering committee. The information security manager is not necessarily responsible for communicating or approving the security strategy.



An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:

  1. performance measurement.
  2. integration.
  3. alignment.
  4. value delivery.

Answer(s): C

Explanation:

Strategic alignment of security with business objectives is a key indicator of performance measurement. In guiding a security program, a meaningful performance measurement will also rely on an understanding of business objectives, which will be an outcome of alignment. Business linkages do not by themselves indicate integration or value delivery. While alignment is an important precondition, it is not as important an indicator.



When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?

  1. Compliance with international security standards.
  2. Use of a two-factor authentication system.
  3. Existence of an alternate hot site in case of business disruption.
  4. Compliance with the organization's information security requirements.

Answer(s): D

Explanation:

Prom a security standpoint, compliance with the organization's information security requirements is one of the most important topics that should be included in the contract with third-party service provider. The scope of implemented controls in any ISO 27001-compliant organization depends on the security requirements established by each organization. Requiring compliance only with this security standard does not guarantee that a service provider complies with the organization's security requirements. The requirement to use a specific kind of control methodology is not usually stated in the contract with third- party service providers.






Post your Comments and Discuss ISACA CISM exam dumps with other Community members:

Join the CISM Discussion