Isaca Updated CISM Exam Questions and Answers by amari

A new security project is more likely to be approved if it aligns with the organization’s goals, objectives, and strategies. This shows that the project supports the business needs and adds value to the organization. Organizational alignment is one of the key elements of a business case for information security, as stated in the CISM Review Manual, 16th Edition1, page 41. IT strategy alignment, threats to the organization, and existing control costs are also important factors to consider, but they are not as persuasive as organizational alignment in obtaining approval for a new security project. References = 1: CISM Review Manual, 16th Edition by Isaca (Author)

Learn more:

1. isaca.org2. amazon.com3. gov.uk

Communicating and enforcing policies demonstrates leadership commitment and drives behavior across the organization, fostering a culture of security.

“Policies must be effectively communicated and enforced to influence culture and employee behavior.”

— CISM Review Manual 15th Edition, Chapter 1: Information Security Governance, Section: Security Culture*

 Strengthening endpoint security is the most immediate focus when shifting to a work-from-home model with an increased need for remote access security, as this reduces the risk of unauthorized access, data leakage, malware infection, and other threats that may compromise the confidentiality, integrity, and availability of the organization’s information assets. Moving to a zero trust access model, enabling network-level authentication, and enhancing cyber response capability are also important, but not as urgent as strengthening endpoint security, as they require more time, resources, and planning to implement effectively. References = CISM Review Manual 2023, page 1561; CISM Review Questions, Answers & Explanations Manual 2023, page 302; ISACA CISM - iSecPrep, page 153