CISM Certified Information Security Manager Practice Exam

Sample Questions

Q) Which of the following should be the FIRST step in developing an information security plan?

a) Perform a technical vulnerabilities assessment

b) Analyze the current business strategy

c) Perform a business impact analysis

d) Assess the current levels of security awareness

Q) Senior management commitment and support for information security can BEST be obtained through presentations that:

a) use illustrative examples of successful attacks.

b) explain the technical risks to the organization.

c) evaluate the organization against best security practices.

d) tie security risks to key business objectives.

Q) The MOST appropriate role for senior management in supporting information security is the:

a) evaluation of vendors offering security products.

b) assessment of risks to the organization.

c) approval of policy statements and funding.

d) monitoring adherence to regulatory requirements.

Q) Which of the following would BEST ensure the success of information security governance within an organization?

a) Steering committees approve security projects

b) Security policy training provided to all managers

c) Security training available to all employees on the intranet

d) Steering committees enforce compliance with laws and regulations