CISM Practice Questions and Answers

Note: Domains 3 and 4 make up nearly two-thirds of the exam. Prioritize practice questions here.

A large organization has experienced rapid growth through acquisitions. Each subsidiary has its own security policies. The new CISM is tasked with ensuring consistent security across the enterprise. What should the CISM do FIRST?

If mitigation (fixing it) isn't possible and the business must continue (so avoidance is off the table), the business owner must accept the risk. The security manager's job is to document and communicate this acceptance, ensuring the business understands the implications.

C. Risk is managed, not eliminated. Use BIA for priorities.

A security manager is developing metrics for the security program. Which metric would BEST indicate the effectiveness of the vulnerability management process?

A company is implementing a bring-your-own-device (BYOD) policy. Which of the following controls is MOST critical for protecting corporate data?