CISM Exam Practice Questions and Answers (100% Pass)

  • August 16, 2024
  • 37
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers
  • CISM
  • CISM
OliviaWest
©PREP4EXAMS 2024/2025 REAL EXAM DUMPS Tuesday, August 6, 2024 10,57 AM



Information Security Governance Structure - Answer✔️✔️-Governance ensures that stakeholder needs, conditions, and options are evaluated to determine balanced, agreed-upon enterprise objectives to be achieved.

Business Alignment involves: - Answer✔️✔️-Mission, Goals/Objectives, and Strategy

What does Information Security governance provide? - Answer✔️✔️-Objectives, Strategy, Policy, Processes, Controls, Metrics/Reporting

Key results of an effective security governance program: - Answer✔️✔️-Increased Trust & Improved Reputation

ISACA Definition of Risk Appetite: - Answer✔️✔️-The level of risk that an organization is willing to accept while in pursuit of its mission, strategy, and objectives, and before action is needed to treat the risk.

ISACA Definition of Risk Capacity: - Answer✔️✔️-The objective amount of loss that an organization can tolerate without its continued existence being called into question






ISACA Definition of Risk Profile: - Answer✔️✔️-Documents the types, amounts and priority of information risk that an organization finds acceptable and unacceptable. This profile is developed collaboratively with numerous stakeholders throughout the organization, including data and process owners, enterprise risk management, internal and external audit, legal, compliance, & privacy.

Mature Organizations Will: - Answer✔️✔️-Develop and publish a statement of risk tolerance or appetite that expresses risk tolerance levels throughout the business

What do we really need to have a handle on?: - Answer✔️✔️-Technology
Architecture
People
Process

Information Security governance is most effective when: - Answer✔️✔️-Every person in the organization knows what is expected of them.

RACI Charts: - Answer✔️✔️-Charts that show Responsibility, Accountability, Consultation, and Informed roles for project stakeholders


Variations of RACI Model: - Answer✔️✔️-Participant, Accountable, Review Required, Input Required, Sign off Required (PARIS)
Perform, Accountable, Control, Support, Informed (PACSI)


Board of Directors Principle 1 - Answer✔️✔️-Approach cybersecurity as an enterprise-wide issue, rather than just an IT issue.

Board of Directors Principle 2 - Answer✔️✔️-Understand legal implications associated with cyber risk.

Board of Directors Principle 3 - Answer✔️✔️-Boards should have adequate access to cyber expertise and allow ample time to discuss cyber topics during board meetings.

Board of Directors Principle 4 - Answer✔️✔️-Boards should set the expectation that management will establish an enterprise-wide cyber-risk management framework with adequate staffing and budget.

Board of Directors Principle 5 - Answer✔️✔️-Board management discussions about cyber risk should include identification of which risks to avoid, which to accept, and which to mitigate or transfer through insurance, as well as specific plans associated with each approach.






Security Steering Committee - Answer✔️✔️-Consisting of stakeholders from many (if not all) of the organization's business units, departments, functions, and principal locations.

Steering Committee Responsibilities - Answer✔️✔️-Risk treatment deliberation and recommendation
Discussion and coordination of IT and security projects
Review of recent risk assessments
Discussion of new laws, regulations, and requirements
Review of recent security incidents

Function Definition: - Answer✔️✔️-In the case of business applications and services, asset owners determine which functions will be available, how they will work, and how they will support business processes.

Process Definition: - Answer✔️✔️-Process owners determine the sequences, steps, roles, and actions carried out in their business processes.

Chief Privacy Officer - Answer✔️✔️-Duties mainly involve oversight into the organization's proper handling and use of PII.



