ISACA CISM Exam Questions
Certified Information Security Manager (Page 29)

Updated On: 19-Feb-2026

The MAIN reason for having the Information Security Steering Committee review a new security controls implementation plan is to ensure that:

  1. the plan aligns with the organization's business plan.
  2. departmental budgets are allocated appropriately to pay for the plan.
  3. regulatory oversight requirements are met.
  4. the impact of the plan on the business units is reduced.

Answer(s): A

Explanation:

The steering committee controls the execution of the information security strategy according to the needs of the organization and decides on the project prioritization and the execution plan. The steering committee does not allocate department budgets for business units. While ensuring that regulatory oversight requirements are met could be a consideration, it is not the main reason for the review. Reducing the impact on the business units is a secondary concern but not the main reason for the review.



Which of the following should be determined while defining risk management strategies?

  1. Risk assessment criteria
  2. Organizational objectives and risk appetite
  3. IT architecture complexity
  4. Enterprise disaster recovery plans

Answer(s): B

Explanation:

While defining risk management strategies, one needs to analyze the organization's objectives and risk appetite and define a risk management framework based on this analysis. Some organizations may accept known risks, while others may invest in and apply mitigation controls to reduce risks. Risk assessment criteria would become part of this framework, but only after proper analysis. IT architecture complexity and enterprise disaster recovery plans are more directly related to assessing risks than defining strategies.



When implementing effective security governance within the requirements of the company's security strategy, which of the following is the MOST important factor to consider?

  1. Preserving the confidentiality of sensitive data
  2. Establishing international security standards for data sharing
  3. Adhering to corporate privacy standards
  4. Establishing system manager responsibility for information security

Answer(s): A

Explanation:

The goal of information security is to protect the organization's information assets. International security standards are situational, depending upon the company and its business. Adhering to corporate privacy standards is important, but those standards must be appropriate and adequate and are not the most important factor to consider. All employees are responsible for information security, but it is not the most important factor to consider.



Which of the following is the BEST reason to perform a business impact analysis (BIA)?

  1. To help determine the current state of risk
  2. To budget appropriately for needed controls
  3. To satisfy regulatory requirements
  4. To analyze the effect on the business

Answer(s): A

Explanation:

The BIA is included as part of the process to determine the current state of risk: it helps establish the acceptable level of response to impacts and the current level of response, leading to a gap analysis. Budgeting appropriately may come as a result, but it is not the reason to perform the analysis. Performing an analysis may satisfy regulatory requirements, but that is not the reason to perform one. Analyzing the effect on the business is part of the process, but one must also determine the acceptable effect or the required response.



Which of the following BEST enables the deployment of consistent security throughout international branches within a multinational organization?

  1. Maturity of security processes
  2. Remediation of audit findings
  3. Decentralization of security governance
  4. Establishment of security governance

Answer(s): D

