Sample Questions

Q) Which of the following should be the first step in developing a security plan?
a) Carry out a technical assessment of vulnerabilities
b) Analyze the current business strategy
c) Perform a Business Impact Analysis
d) Evaluate existing security awareness levels

Q) Senior management commitment and support for information security can best be obtained through presentations that:
a) use illustrative examples of successful attacks.
b) explain the technical risks to the organization.
c) evaluate the organization against security best practices.
d) tie security risks to business objectives.

Q) The most appropriate role for senior management in supporting information security is:
a) evaluation of vendors offering security products.
b) assessment of risks to the organization.
c) approval of policy statements and funding.
d) monitoring of compliance with regulatory requirements.

Q) Which of the following would best ensure the success of information security governance within an organization?
a) Steering committees approve security plans
b) Security policy training provided to all directors
c) Security training available to all employees on the intranet
d) Steering committees enforce compliance with laws and regulations

Q) Information security governance is driven primarily by:
a) technological constraints.
b) regulatory requirements.
c) potential litigation.
d) business strategy.