Cisco
CompTIA
ISC
EC-Council
EXIN
Fortinet
ITIL
Juniper
Microsoft
VMware
Avaya
SAP
Google
NVIDIA
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk
ServiceNow
All Vendors
  2. Home
  3. Exams
  4. ISACA
  5. CISM

ISACA CISM Exam Questions
Certified Information Security Manager (Page 3 )

Updated On: 16-Feb-2026
Page 3 of 345
PDF with 1716 Questions

Which of the following represents the MAJOR focus of privacy regulations?

  1. Unrestricted data mining
  2. Identity theft
  3. Human rights protection
  4. Identifiable personal data

Answer(s): D

Explanation:

Protection of identifiable personal data is the major focus of recent privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Data mining is an accepted tool for ad hoc reporting; it could pose a threat to privacy only if it violates regulatory provisions. Identity theft is a potential consequence of privacy violations but not the main focus of many regulations. Human rights addresses privacy issues but is not the main focus of regulations.



Investments in information security technologies should be based on:

  1. vulnerability assessments.
  2. value analysis.
  3. business climate.
  4. audit recommendations.

Answer(s): B

Explanation:

Investments in security technologies should be based on a value analysis and a sound business case. Demonstrated value takes precedence over the current business climate because it is ever changing. Basing decisions on audit recommendations would be reactive in nature and might not address the key business needs comprehensively. Vulnerability assessments are useful, but they do not determine whether the cost is justified.



Retention of business records should PRIMARILY be based on:

  1. business strategy and direction.
  2. regulatory and legal requirements.
  3. storage capacity and longevity.
  4. business ease and value analysis.

Answer(s): B

Explanation:

Retention of business records is generally driven by legal and regulatory requirements. Business strategy and direction would not normally apply nor would they override legal and regulatory requirements. Storage capacity and longevity are important but secondary issues. Business case and value analysis would be secondary to complying with legal and regulatory requirements.



Which of the following is characteristic of centralized information security management?

  1. More expensive to administer
  2. Better adherence to policies
  3. More aligned with business unit needs
  4. Faster turnaround of requests

Answer(s): B

Explanation:

Centralization of information security management results in greater uniformity and better adherence to security policies. It is generally less expensive to administer due to the economics of scale. However, turnaround can be slower due to the lack of alignment with business units.



Successful implementation of information security governance will FIRST require:

  1. security awareness training.
  2. updated security policies.
  3. a computer incident management team.
  4. a security architecture.

Answer(s): B

Explanation:

Updated security policies are required to align management objectives with security procedures; management objectives translate into policy; policy translates into procedures. Security procedures will necessitate specialized teams such as the computer incident response and management group as well as specialized tools such as the security mechanisms that comprise the security architecture. Security awareness will promote the policies, procedures and appropriate use of the security mechanisms.






Post your Comments and Discuss ISACA CISM exam dumps with other Community members:

Join the CISM Discussion