Certified Information Security Manager (CISM) Quiz Questions and Answers

An information security manager reviewed the access control lists and observed that privileged access was granted to an entire department. Which of the following should the information security manager do first?

Answer :
  • Meet with data owners to understand business needs
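The finding in this question is easy to reproduce at review time: an entitlement export in which a department-wide group, rather than named individuals, holds privileged rights. The script below is an added example (not part of the original quiz); the ACL line format, the principal names and the set of permissions treated as "privileged" are assumptions chosen for illustration, and the sample export is constructed. It returns the offending grants as data so the reviewer can take them to the data owners, which is the "first" step the answer calls for.

```python
"""Flag ACL entries that grant privileged rights to a whole group.

Added example for this page, not part of the original quiz. The ACL
line format, principal names and PRIVILEGED set are assumptions.
"""
from dataclasses import dataclass

# Permissions treated as privileged (assumed set; adjust to the platform).
PRIVILEGED = {"FULL_CONTROL", "WRITE_DACL", "WRITE_OWNER", "ADMIN"}


@dataclass(frozen=True)
class AclEntry:
    resource: str
    principal: str
    principal_type: str      # "user" or "group"
    permissions: frozenset   # upper-cased permission names


def parse_acl(text):
    """Parse 'resource;principal;type;perm1,perm2' lines (constructed format)."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        resource, principal, ptype, perms = line.split(";")
        entries.append(AclEntry(
            resource.strip(),
            principal.strip(),
            ptype.strip().lower(),
            frozenset(p.strip().upper() for p in perms.split(",")),
        ))
    return entries


def group_privileged_grants(entries):
    """Return entries where a group (not a named user) holds a privileged right."""
    return [e for e in entries
            if e.principal_type == "group" and e.permissions & PRIVILEGED]


def review(text):
    """Return (resource, group, sorted privileged permissions) for each finding."""
    return [(e.resource, e.principal, sorted(e.permissions & PRIVILEGED))
            for e in group_privileged_grants(parse_acl(text))]


# Constructed sample export: one department group with FULL_CONTROL,
# one admin group with WRITE_DACL, one group with read-only, one user.
SAMPLE_ACL = """\
# resource;principal;type;permissions
finance-share;Finance-Dept;group;READ,WRITE,FULL_CONTROL
finance-share;jdoe;user;FULL_CONTROL
hr-share;HR-Dept;group;READ
hr-share;HR-Admins;group;READ,WRITE_DACL
"""

if __name__ == "__main__":
    for resource, group, perms in review(SAMPLE_ACL):
        print(f"{resource}: group {group} holds {', '.join(perms)}")
```

Note that the user `jdoe` holding FULL_CONTROL is not flagged: the check targets the specific finding in the question (privilege granted to a collective principal), and individual privileged users are a separate review question for the data owner.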

What is the overall objective of Risk Management?

Answer :
  • Manage risk to an acceptable level

What should a risk analysis focus on?

Answer :
  • Addressing the potential size and likelihood of loss

When an organization is setting up a relationship with a third-party IT service provider, which of the following is one of the MOST important topics to include in the contract from a security standpoint?

Answer :
  • Compliance with the organization’s information security requirements

Which of the following would be most effective in successfully implementing restrictive password policies?

Answer :
  • Security awareness program

An IS manager has decided to implement a security system to monitor access to the Internet and block access to numerous sites. Immediately upon installation, employees flood the IT help desk with complaints that they are unable to perform business functions on Internet sites. Which of the following is this an example of?

Answer :
  • Conflicting security controls with organizational needs

What is the information security manager primarily responsible for when implementing information security governance?

Answer :
  • Developing the security strategy

A security manager is preparing a report to obtain the commitment of executive management to a security program. Inclusion of which of the following items would be of most value?

Answer :
  • Associating realistic threats to corporate objectives

Which of the following is the most appropriate use of gap analysis?

Answer :
  • Measuring current state versus desired future state

Which of the following actions should be taken when an online trading company discovers a network attack in progress?

Answer :
  • Isolate the affected network segment