Recreated_Enterprise_Governance_Questions Flashcards
- What is the primary purpose of information security governance in an organization?
A. To ensure compliance with IT frameworks
B. To align security efforts with business goals
C. To reduce employee errors
D. To implement technical controls
B. To align security efforts with business goals
Excerpt: ‘The purpose of security governance is to align the organization’s security program with the needs of the business.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Which of the following is a key outcome of information security governance?
A. Increasing reliance on external consultants
B. Aligning information security with enterprise strategy
C. Reducing operational costs of IT departments
D. Enhancing software development speed
B. Aligning information security with enterprise strategy
Excerpt: ‘Strategic alignment is achieved by aligning information security with business strategy to support organizational objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the role of the Chief Information Security Officer (CISO) in governance?
A. Develop business-aligned security strategies
B. Oversee marketing strategies
C. Review financial auditing practices
D. Manage human resource operations
A. Develop business-aligned security strategies
Excerpt: ‘The CISO is responsible for developing business-aligned security strategies that support current and future business initiatives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is a major benefit of integrating information security governance into corporate governance?
A. Reduced dependence on legal advice
B. Improved visibility of security in organizational decisions
C. Increased project timelines
D. Simplified vendor management
B. Improved visibility of security in organizational decisions
Excerpt: ‘Integrating information security governance into corporate governance ensures security is considered in key business decisions.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Which governance activity is primarily focused on identifying and reducing risks?
A. Business continuity planning
B. Risk management
C. Incident response
D. Regulatory compliance
B. Risk management
Excerpt: ‘Risk management involves identifying risks in information systems and processes to reduce potential impacts.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the primary function of a security steering committee?
A. To develop new IT frameworks
B. To ensure alignment of security initiatives with business priorities
C. To manage employee satisfaction surveys
D. To lead sales and marketing campaigns
B. To ensure alignment of security initiatives with business priorities
Excerpt: ‘The primary mission of a security steering committee is to align security efforts with business priorities.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the primary consideration when defining acceptable use policies (AUP)?
A. Compliance with marketing guidelines
B. Alignment with organizational goals
C. Employee preferences
D. Reducing IT workload
B. Alignment with organizational goals
Excerpt: ‘An acceptable use policy (AUP) should align with the organization’s overall goals and objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Which of the following describes the term ‘risk appetite’?
A. The level of risk an organization is willing to accept
B. The organization’s reaction to regulatory changes
C. The legal penalties for non-compliance
D. The willingness of employees to follow rules
A. The level of risk an organization is willing to accept
Excerpt: ‘Risk appetite is defined as the level of risk an organization is willing to accept while pursuing its objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the primary goal of strategic alignment in information security governance?
A. To implement the latest security tools
B. To align security initiatives with business objectives
C. To minimize IT costs
D. To maximize regulatory compliance
B. To align security initiatives with business objectives
Excerpt: ‘Strategic alignment involves aligning information security with business strategy to support organizational objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Which component is essential for effective risk management in governance?
A. Understanding risk exposure
B. Reducing operational overhead
C. Avoiding all potential risks
D. Increasing organizational transparency
A. Understanding risk exposure
Excerpt: ‘Risk management requires understanding the risk exposure and potential consequences of compromise.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the benefit of integrating assurance processes into information security governance?
A. Reducing the need for external audits
B. Ensuring processes operate as intended
C. Simplifying IT management tasks
D. Eliminating regulatory requirements
B. Ensuring processes operate as intended
Excerpt: ‘Assurance process integration ensures that processes operate as intended from end to end.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is a key outcome of performance measurement in governance?
A. Improved financial performance
B. Identification of shortcomings in processes
C. Elimination of all risks
D. Reduced need for strategic alignment
B. Identification of shortcomings in processes
Excerpt: ‘Performance measurement helps identify shortcomings and provides feedback on progress made toward resolving issues.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Why is resource optimization important in information security governance?
A. To reduce the workforce size
B. To ensure efficient use of security infrastructure
C. To eliminate the need for policies
D. To minimize compliance costs
B. To ensure efficient use of security infrastructure
Excerpt: ‘Resource optimization involves using information security knowledge and infrastructure efficiently and effectively.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is a primary responsibility of the board of directors in information security governance?
A. To select IT systems for the organization
B. To oversee corporate governance activities
C. To implement technical controls
D. To draft acceptable use policies
B. To oversee corporate governance activities
Excerpt: ‘The board of directors is accountable for ensuring corporate governance includes considerations for information security.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the main role of organizational culture in information security governance?
A. To dictate employee dress codes
B. To influence how employees manage information security
C. To define regulatory requirements
D. To enforce technical security measures
B. To influence how employees manage information security
Excerpt: ‘Organizational culture affects how personnel work, think, and relate to one another, impacting information security.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Why is business alignment critical in information security governance?
A. To reduce the number of policies
B. To ensure security measures support organizational goals
C. To streamline IT operations
D. To minimize security awareness training
B. To ensure security measures support organizational goals
Excerpt: ‘Business alignment ensures the security program supports the organization’s mission and objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- Which of the following best describes a RACI chart?
A. A tool for managing financial audits
B. A chart that defines roles and responsibilities
C. A compliance checklist
D. A list of technical controls
B. A chart that defines roles and responsibilities
Excerpt: ‘A RACI chart assigns levels of responsibility to individuals and groups for various business activities.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
- What is the primary consideration in developing an acceptable use policy (AUP)?
A. Protecting employee rights
B. Ensuring alignment with organizational security objectives
C. Avoiding legal requirements
D. Simplifying IT management tasks
B. Ensuring alignment with organizational security objectives
Excerpt: ‘An acceptable use policy should define permitted activities aligned with organizational security objectives.’ - Gregory P. CISM, Chapter 1, Enterprise Governance
“Vision flows downward in an organization….”
Name all 9 levels of the business strategy pyramid in descending order from highest level to most operational
Business Vision
Business Strategy
Business Objectives
IT Strategy
IT Security Strategy
Security Policy
Security Standards
Security Processes
Security Metrics
