option
Questions
ayuda
daypo
search.php

CISM 1 Building an Information Security Strategy

COMMENTS STATISTICS RECORDS
TAKE THE TEST
Title of test:
CISM 1 Building an Information Security Strategy

Description:
CISM 1 Test

Creation Date: 2026/07/17

Category: Others

Number of questions: 18

Rating:(0)
Share the Test:
Nuevo ComentarioNuevo Comentario
New Comment
NO RECORDS
Content:

Which of the following should be done FIRST when developing an information security strategy that is aligned with organizational goals?. Establish a security risk framework with key risk indicators (KRIs). Determine information security's impact on the achievement of organizational goals. Access Information security risk associated with the organizational goals. Select information security projects related to the organizational goals.

An information security policy was amended recently to support an organization's new information security strategy. Which of the following should be the information security manager's NEXT step?. Evaluate the alignment with business strategy. Update standards and procedures. Review technical controls. Refresh the security training program.

Which of the following should be the PRIMARY basis for determining information security objectives?. Business Strategy. Regulatory Requirements. Information Security Strategy. Data Classification.

Which of the following should be done FIRST to ensure a new critical cloud application can be supported by internal personnel?. Establish a capability maturity model. Develop a training plan. Conduct a risk assessment. Perform a skills gap analysis.

Which of the following is the MOST important success factor when developing an information security strategy?. The delivery of the strategy is adequately funded. The strategy is aligned with an industry-recognized security control framework. The strategy is based on proven technologies and industry needs. The strategy is approved by the board an executive management.

Which of the following is the GREATEST benefit of effective information security governance?. Treatment priorities are based on risk exposure. Information security standards are communicated to primary stakeholders. The information security budget is aligned to the organization. Executive management's strategy is aligned to the information security strategy.

Which of the following is the PRIMARY objective of developing an information security program that aligns with the information security strategy?. To define the resources required to achieve information security goals. To define a bottom-up approach for implementing information security policies. To define standards to be implemented. To define risk mitigation plans for security technologies.

Which of the following is MOST effective in gaining support for the information security strategy from senior management?. Cost-benefit analysis results. Third-party security audit results. Business impact analysis (BIA) results. A major breach at a competitor.

Which of the following is MOST effective in gaining support for the information security strategy from senior management?. Number of blocked intrusion attempts. Number of business cases reviewed by senior management. Trends in the number of identified threats to the business. Percentage of controls integrated into business process.

Which of the following should an information security manager do FIRST after a new cybersecurity regulation has been introduced?. Consult corporate legal counsel. Conduct a cost-benefit analysis. Update the information security policy. Perform a gap analysis.

What should a global information security manager do FIRST when informed that a new regulation with significant impact will go into effect soon?. Perform a vulnerability assessment. Perform a business impact analysis (BIA). Perform a privacy impact assessment. Perform a gap analysis.

Which of the following is the BEST approach for an information security manager to develop an organization's information security strategy?. Budget training costs and contingencies for unexpected events. Determine desired outcomes and perform a gap analysis. Evaluate the security posture in comparison with comeptitors. Estimate operational costs and perform reliability checks.

Which of the following is the PRIMARY responsibility of an information security governance committee?. Reviewing the information security risk register. Approving changes to the information security strategy. Discussing upcoming information security projects. Reviewing monthly information security metrics.

The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?. The strategy does not include a cost-benefit analysis. There was a lack of engagement with the business during deployment. The strategy does not comply with security standards. The CISO reports directly to the CIO.

Which of the following is MOST important to include in an information security strategy?. Industry benchmarks. Stakeholder Requirements. Risk register. Regulatory requirements.

Which of the following BEST indicates ongoing senior management commitment to the organization's information security strategy?. An efficient incident response program. Established key performance Indicators (KPIs). A comprehensive security awareness training program. Adequate funding for the information security program.

Of the following, who would provide the MOST relevant input when aligning the information security strategy with organizational goals?. Data Privacy officer (DPO). Chief information security officer (CISO). Information security steering committee. Enterprise risk committee.

An organization plans to adopt a DevOps approach for innovative application development. Which of the following should be the information security manager's MOST important consideration with regard to the information security strategy?. Risk profile may change with the new approach. The identified framework may not be appropriate. Security policies may need to be revised. Security staff may lack software coding skills.

Report abuse