ISACA CISM Exam Questions
Certified Information Security Manager (Page 31)

Updated On: 19-Feb-2026

In addition to business alignment and security ownership, which of the following is MOST critical for information security governance?

  A. Auditability of systems
  B. Compliance with policies
  C. Reporting of security metrics
  D. Executive sponsorship

Answer(s): A



Senior management has allocated funding to each of the organization’s divisions to address information security vulnerabilities. The funding is based on each division’s technology budget from the previous fiscal year. Which of the following should be of GREATEST concern to the information security manager?

  A. Areas of highest risk may not be adequately prioritized for treatment
  B. Redundant controls may be implemented across divisions
  C. Information security governance could be decentralized by division
  D. Return on investment may be inconsistently reported to senior management

Answer(s): A



The effectiveness of an information security governance framework will BEST be enhanced if:

  A. IS auditors are empowered to evaluate governance activities
  B. risk management is built into operational and strategic activities
  C. a culture of legal and regulatory compliance is promoted by management
  D. consultants review the information security governance framework

Answer(s): D



When developing an information security governance framework, which of the following would be the MAIN impact when lacking senior management involvement?

  A. Accountability for risk treatment is not clearly defined.
  B. Information security responsibilities are not communicated effectively.
  C. Resource requirements are not adequately considered.
  D. Information security plans do not support business requirements.

Answer(s): C



Which of the following is the BEST way to facilitate the alignment between an organization’s information security program and business objectives?

  A. Information security is considered at the feasibility stage of all IT projects.
  B. The information security governance committee includes representation from key business areas.
  C. The chief executive officer reviews and approves the information security program.
  D. The information security program is audited by the internal audit department.

Answer(s): B





