Defining risk management is easy: it is the process of identifying, assessing and controlling the threats to an organization's assets. Putting a risk management strategy into practice, however, is another story.
To succeed in security management, it is critical to understand not only what risk management is, but also how to create and implement a plan that helps your organization counter known risks and prepare for the unexpected.
ISACA’s Certified Information Security Manager (CISM) certification was created to help security pros validate they have what it takes to handle risk management.
“The certification is really a demonstration that you have the knowledge and experience already and that you’re serious about career growth in the field and want to go further with it,” said Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, published by McGraw-Hill.
Ready to go for your CISM to become a security or risk manager? Gregory readily admits it’s a difficult exam — even for a security pro. But, with some hard work and a lot of studying, test-takers can master the topics and prove their skills.
The following excerpt from Gregory’s book offers CISM practice exam questions from Chapter 3, “Information Risk Management.” This area constitutes 30% of the CISM exam, with questions on developing a risk management strategy, integrating risk management into an organization’s practices and culture, and monitoring and reporting risk.
Before taking the exam, test your CISM knowledge here. Download an excerpt of the book for even more questions.