ISACA CISM Exam Questions
Certified Information Security Manager (Page 66 )

Updated On: 21-Feb-2026

An information security manager has been asked to create a strategy to protect the organization’s information from a variety of threat vectors. Which of the following should be done FIRST?

  A. Perform a threat modeling exercise
  B. Develop a risk profile
  C. Design risk management processes
  D. Select a governance framework

Answer(s): B



Which of the following would BEST ensure that security risk assessment is integrated into the life cycle of major IT projects?

  A. Integrating the risk assessment into the internal audit program
  B. Applying global security standards to the IT projects
  C. Training project managers on risk assessment
  D. Having the information security manager participate on the project steering committees

Answer(s): B



An information security manager has completed a risk assessment and has determined the residual risk. Which of the following should be the NEXT step?

  A. Conduct an evaluation of controls
  B. Determine if the risk is within the risk appetite
  C. Implement countermeasures to mitigate risk
  D. Classify all identified risks

Answer(s): B



Which of the following would be the BEST indicator that an organization is appropriately managing risk?

  A. The number of security incident events reported by staff has increased
  B. Risk assessment results are within tolerance
  C. A penetration test does not identify any high-risk system vulnerabilities
  D. The number of events reported from the intrusion detection system has declined

Answer(s): B



A large organization is considering a policy that would allow employees to bring their own smartphones into the organizational environment. The MOST important concern to the information security manager should be the:

  A. higher costs in supporting end users
  B. impact on network capacity
  C. decrease in end user productivity
  D. lack of a device management solution

Answer(s): D


Reference:

https://www.isaca.org/Journal/archives/2013/Volume-4/Pages/Leveraging-and-Securing-the-Bring-Your-Own-Device-and-Technology-Approach.aspx
