ISACA CISM Exam Questions
Certified Information Security Manager (Page 23)

Updated On: 17-Feb-2026

A multinational organization operating in fifteen countries is considering implementing an information security program. Which factor will MOST influence the design of the Information security program?

  A. Representation by regional business leaders
  B. Composition of the board
  C. Cultures of the different countries
  D. IT security skills

Answer(s): C

Explanation:

Culture has a significant impact on how information security will be implemented across fifteen countries, because attitudes toward authority, privacy, and rule-following shape what controls staff will actually accept and follow. Representation by regional business leaders will not have a major influence unless it is used to surface those cultural issues. The composition of the board has little impact on program design compared to cultural issues. IT security skills are an implementation concern and are not as high-impact in designing a multinational information security program as cultural issues are.



Which of the following is the BEST justification to convince management to invest in an information security program?

  A. Cost reduction
  B. Compliance with company policies
  C. Protection of business assets
  D. Increased business value

Answer(s): D

Explanation:

Investing in an information security program should increase business value and stakeholder confidence. Cost reduction by itself is rarely the motivator for implementing an information security program. Compliance with company policies is secondary to business value. Increasing business value is the broadest justification and already includes protection of business assets.



On a company's e-commerce web site, a good legal statement regarding data privacy should include:

  A. a statement regarding what the company will do with the information it collects.
  B. a disclaimer regarding the accuracy of information on its web site.
  C. technical information regarding how information is protected.
  D. a statement regarding where the information is being hosted.

Answer(s): A

Explanation:

Most privacy laws and regulations require disclosure of how collected information will be used. A disclaimer about the accuracy of web site content is not necessary, since it does not concern data privacy. Technical details of how information is protected are not mandatory to publish on the web site and would in fact be undesirable, since they give an attacker information about the controls in place. It is not mandatory to state where the information is hosted.



The MOST important factor in ensuring the success of an information security program is effective:

  A. communication of information security requirements to all users in the organization.
  B. formulation of policies and procedures for information security.
  C. alignment with organizational goals and objectives.
  D. monitoring compliance with information security policies and procedures.

Answer(s): C

Explanation:

The success of a security program depends on alignment with organizational goals and objectives. Effective communication and education of users is a critical determinant of success, but it is a secondary step; alignment with organizational goals and objectives is the most important factor. Mere formulation of policies without effective communication to users will not ensure success. Monitoring compliance with information security policies and procedures is, at best, a detective mechanism and will not lead to success if users remain uninformed.



Which of the following would be MOST helpful to achieve alignment between information security and organization objectives?

  A. Key control monitoring
  B. A robust security awareness program
  C. A security program that enables business activities
  D. An effective security architecture

Answer(s): C

Explanation:

A security program that enables business activities would be most helpful in achieving alignment between information security and organizational objectives. All of the other choices are components of such a security program and would not, individually and directly, help as much as the program as a whole.
