Certified Information Security Manager (CISM) certification is a globally recognized professional requirement in the IT Security domain. PassQuestion new updated Certified Information Security Manager (CISM) Exam Questions which grant you the best efficient pathway to achieve the most career-enhancing CISM Certification. You will get the Certified Information Security Manager (CISM) Exam Questions from all the topics which confirms a quality learning experience. Learn all these CISM exam questions and answers to ensure your success in the Certified Information Security Manager exam. With the aid of the CISM Exam Questions, you can also achieve the goal of understanding the real exam and pass your CISM Certification exam successfully. 

Certified Information Security Manager (CISM) Certification

ISACA's Certified Information Security Manager (CISM) certification is for those with technical expertise and experience in IS/IT security and control and wants to make the move from team player to manager. CISM can add credibility and confidence to your interactions with internal and external stakeholders, peers and regulators. ISACA's Certified Information Security Manager (CISM) certification indicates expertise in information security governance, program development and management, incident management and risk management.

CISM (Certified Information Security Manager) is a key certification for information security professionals who manage, design, oversee, and assess enterprise information security. This certification is best suited for security consultants and managers, IT directors and managers, security auditors and architects, security system engineers, CISOs, information security managers, IT consultants, and risk officers.

CISM exam changing 1 June 2022. Last date to take the current exam: 31 May 2022. The CISM exam is getting an update. The CISM Exam Content Outline will be updated 1 June 2022. You can still take the current CISM exam based on the current content outline until the changeover. 

Current Content Outline Before 31 May 2022

The CISM job practice consists of task and knowledge statements, organized by domains. The CISM exam contains 150 questions and covers four information security management areas, each of which is further defined and detailed through Task & Knowledge statements.

The job practice areas and statements were approved by the CISM Certification Working Group and represent a job practice analysis of the work performed by information security managers as validated by prominent industry leaders, subject matter experts, and industry practitioners.

Below are the key domains, subtopics and tasks candidates will be tested on through 31 May 2022:
Domain 1—Information Security Governance - (24%) 
Domain 2—Information Risk Management - (30%)
Domain 3—Information Security Program Development and Management - (27%)
Domain 4— Information Security Incident Management - (19%)

Content Outline Update On 1 June 2022 and Later

The CISM job practice consists of task and knowledge statements, organized by domains. The CISM exam contains 150 questions and covers four information security management areas.

The job practice areas and statements were approved by the CISM Certification Working Group and represent a job practice analysis of the work performed by information security managers as validated by prominent industry leaders, subject matter experts, and industry practitioners.

Below are the key domains, subtopics and tasks candidates will be tested on starting 1 June 2022:
Domain 1   Information Security Governance    17%
Domain 2   Information Security Risk Management       20%
Domain 3   Information Security Program        33%
Domain 4   Incident Management         30%

View Online Certified Information Security Manager (CISM) Free Questions

Which of the following should be done FIRST when establishing a new data protection program that must comply with applicable data privacy regulations?
A.Update disciplinary processes to address privacy violations
B.Create an inventory of systems where personal C stored
C.Evaluate privacy technologies required for data protection
D.Encrypt all personal data stored on systems and networks
Answer : B

An information security manager learns that a departmental system is out of compliance with the information security policy's authentication requirements. Which of the following should be the information security manager's FIRST course of action?
A.Isolate the noncompliant system from the rest of the network.
B.Conduct an impact analysis to quantify the associated risk
C.Request risk acceptance from senior management.
D.Submit the issue to the steering committee for escalation.
Answer:B

Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?
A.The framework includes industry-recognized information security best practices.
B.The number of security incidents has significantly declined
C.The business has obtained framework certification.
D.Objectives in the framework correlate directly to business practices
Answer : D

Which of the following is the BEST indication that a recently adopted information security framework is a good fit for an organization?
A.The framework includes industry-recognized information security best practices.
B.The number of security incidents has significantly declined
C.The business has obtained framework certification.
D.Objectives in the framework correlate directly to business practices
Answer : D

Which of the following stakeholders would provide the BEST guidance in aligning the information security strategy with organizational goals?
A.Board of directors
B.Chief information officer (CIO)
C.Chief information security officer (CISO)
D.information security steering committee
Answer:D

Which of the following provides the BEST evidence that the information security program is aligned to the business strategy?
A.Information security initiatives are directly correlated to business processes.
B.The information security team is able to provide key performance indicators (KPIs) to senior management.
C.Business senior management supports the information security policies.
D.The information security program manages risk within the business1* risk tolerance.
Answer:C

Which of the following would be MOST useful to help senior management understand the status of information security compliance?
A.Industry benchmarks
B.Risk assessment results
C.Business impact analysis (BIA) results
D.Key performance indicators (KPIs)
Answer:B

Which of the following is the MOST important factor to be considered when reviewing an information security strategy?
A.Frequency of security incidents
B.Benchmarking to industry peers
C.Evolving business goals
D.Unmitigated risk
Answer:C