CISM : Certified Information Security Manager : Part 10

CISM : Part 1 - 40
CISA : Part 41 - 80

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:
- details of expected security metrics.
- each party’s security responsibilities.
- penalties for noncompliance with security policy.
- recovery time objectives (RTOs).
Explanation:
It’s very important when organization start work with third party before signing the SLA negotiate the company current security needs and new security risk.
Which of the following would be MOST useful to help senior management understand the status of information security compliance?
- Industry benchmarks
- Risk assessment results
- Business impact analysis (BIA) results
- Key performance indicators (KPIs)
Which of the following is MOST likely to be included in an enterprise information security policy?
- Security monitoring strategy
- Audit trail review requirements
- Password composition requirements
- Consequences of noncompliance
Which of the following BEST demonstrates that an organization supports information security governance?
- Employees attend annual organization-wide security training.
- Information security policies are readily available to employees.
- The incident response plan is documented and tested regularly.
- Information security steering committee meetings are held regularly.
Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?
- Optimized information security resources
- Consistent execution of information security strategy
- Improved accountability to shareholders
- Increased influence of security management
Which of the following is the BEST approach for an information security manager when developing new information security policies?
- Create a stakeholder map.
- Reference an industry standard.
- Establish an information security governance committee.
- Download a policy template.
When supporting a large corporation’s board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?
- Gaining commitment of senior management
- Preparing the security budget
- Providing advice and guidance
- Developing a balanced scorecard
When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?
- Security management
- Incident response
- Risk assessment
- Security governance
Which of the following would be MOST important to consider when implementing security settings for a new system?
- Results from internal and external audits
- Government regulations and related penalties
- Business objectives and related IT risk
- Industry best practices applicable to the business
The MOST important outcome of information security governance is:
- business risk avoidance.
- informed decision making.
- alignment with business goals.
- alignment with compliance requirements.
Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:
- threat perspective.
- compliance perspective.
- risk perspective.
- policy perspective.
Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:
- conducts frequent reviews of the security policy
- has established relationships with external professionals
- has a clearly defined charter and meeting protocols
- includes a mix of members from all levels of management
Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?
- Organizational security controls deployed in line with regulations
- Security management processes aligned with security objectives
- The existing organizational security culture
- Security policies that adhere to industry best practices
Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?
- Align information security budget requests to organizational goals
- Ensure information security efforts support business goals
- Provide periodic IT balanced scorecards to senior management
- Ensure information security aligns with IT strategy
To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:
- interview senior management
- conduct a risk assessment
- conduct a cost-benefit analysis
- perform a gap analysis
The PRIMARY purpose of implementing information security governance metrics is to:
- measure alignment with best practices.
- assess operational and program metrics.
- refine control operations,
- guide security towards the desired state.
Which of the following MOST effectively helps an organization to align information security governance with corporate governance?
- Promoting security as enabler to achieve business objectives
- Prioritizing security initiatives based on IT strategy
- Adopting global security standards to achieve business goals
- Developing security performance metrics
Which of the following is MOST helpful for aligning security operations with the IT governance framework?
- Information security policy
- Security risk assessment
- Security operations program
- Business impact analysis (BIA)
Which of the following is the BEST approach for an information security manager to effectively manage third-party risk?
- Ensure controls are implemented to address changes in risk.
- Ensure senior management has approved the vendor relationship.
- Ensure risk management efforts are commensurate with risk exposure.
- Ensure vendor governance controls are in place.
When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure:
- the resources used for information security projects are kept to a minimum.
- information security is treated as a business critical issue.
- funding is approved for requested information security projects.
- periodic information security audits are conducted.

CISM : Part 1 - 40
CISA : Part 41 - 80

CISM : Certified Information Security Manager : All Parts
CISM Part 01	CISM Part 11	CISM Part 21	CISM Part 31
CISM Part 02	CISM Part 12	CISM Part 22	CISM Part 32
CISM Part 03	CISM Part 13	CISM Part 23	CISM Part 33
CISM Part 04	CISM Part 14	CISM Part 24	CISM Part 34
CISM Part 05	CISM Part 15	CISM Part 25	CISM Part 35
CISM Part 06	CISM Part 16	CISM Part 26	CISM Part 36
CISM Part 07	CISM Part 17	CISM Part 27	CISM Part 37
CISM Part 08	CISM Part 18	CISM Part 28	CISM Part 38
CISM Part 09	CISM Part 19	CISM Part 29	CISM Part 39
CISM Part 10	CISM Part 20	CISM Part 30	CISM Part 40

CISM : Certified Information Security Manager : All Parts
CISM Part 41	CISM Part 51	CISM Part 61	CISM Part 71
CISM Part 42	CISM Part 52	CISM Part 62	CISM Part 72
CISM Part 43	CISM Part 53	CISM Part 63	CISM Part 73
CISM Part 44	CISM Part 54	CISM Part 64	CISM Part 74
CISM Part 45	CISM Part 55	CISM Part 65	CISM Part 75
CISM Part 46	CISM Part 56	CISM Part 66	CISM Part 76
CISM Part 47	CISM Part 57	CISM Part 67	CISM Part 77
CISM Part 48	CISM Part 58	CISM Part 68	CISM Part 78
CISM Part 49	CISM Part 59	CISM Part 69	CISM Part 79
CISM Part 50	CISM Part 60	CISM Part 70	CISM Part 80

CISM : Certified Information Security Manager : All Parts
CISM Part 01	CISM Part 11	CISM Part 21	CISM Part 31
CISM Part 02	CISM Part 12	CISM Part 22	CISM Part 32
CISM Part 03	CISM Part 13	CISM Part 23	CISM Part 33
CISM Part 04	CISM Part 14	CISM Part 24	CISM Part 34
CISM Part 05	CISM Part 15	CISM Part 25	CISM Part 35
CISM Part 06	CISM Part 16	CISM Part 26	CISM Part 36
CISM Part 07	CISM Part 17	CISM Part 27	CISM Part 37
CISM Part 08	CISM Part 18	CISM Part 28	CISM Part 38
CISM Part 09	CISM Part 19	CISM Part 29	CISM Part 39
CISM Part 10	CISM Part 20	CISM Part 30	CISM Part 40

CISM : Certified Information Security Manager : All Parts
CISM Part 41	CISM Part 51	CISM Part 61	CISM Part 71
CISM Part 42	CISM Part 52	CISM Part 62	CISM Part 72
CISM Part 43	CISM Part 53	CISM Part 63	CISM Part 73
CISM Part 44	CISM Part 54	CISM Part 64	CISM Part 74
CISM Part 45	CISM Part 55	CISM Part 65	CISM Part 75
CISM Part 46	CISM Part 56	CISM Part 66	CISM Part 76
CISM Part 47	CISM Part 57	CISM Part 67	CISM Part 77
CISM Part 48	CISM Part 58	CISM Part 68	CISM Part 78
CISM Part 49	CISM Part 59	CISM Part 69	CISM Part 79
CISM Part 50	CISM Part 60	CISM Part 70	CISM Part 80

CISM : Certified Information Security Manager : Part 10

When an organization and its IT-hosting service provider are establishing a contract with each other, it is MOST important that the contract includes:

Which of the following would be MOST useful to help senior management understand the status of information security compliance?

Which of the following is MOST likely to be included in an enterprise information security policy?

Which of the following BEST demonstrates that an organization supports information security governance?

Which of the following should be the PRIMARY expectation of management when an organization introduces an information security governance framework?

Which of the following is the BEST approach for an information security manager when developing new information security policies?

When supporting a large corporation’s board of directors in the development of governance, which of the following is the PRIMARY function of the information security manager?

When making an outsourcing decision, which of the following functions is MOST important to retain within the organization?

Which of the following would be MOST important to consider when implementing security settings for a new system?

The MOST important outcome of information security governance is:

Senior management commitment and support will MOST likely be offered when the value of information security governance is presented from a:

Within a security governance framework, which of the following is the MOST important characteristic of the information security committee? The committee:

Which of the following is MOST important to the successful implementation of an information security governance framework across the organization?

Which of the following is the MOST effective way to achieve the integration of information security governance into corporate governance?

To gain a clear understanding of the impact that a new regulatory requirement will have on an organization’s information security controls, an information security manager should FIRST:

The PRIMARY purpose of implementing information security governance metrics is to:

Which of the following MOST effectively helps an organization to align information security governance with corporate governance?

Which of the following is MOST helpful for aligning security operations with the IT governance framework?

Which of the following is the BEST approach for an information security manager to effectively manage third-party risk?

When trying to integrate information security across an organization, the MOST important goal for a governing body should be to ensure: