CISM • Practice Test 32
Free CISM practice test — 15 questions with explanations. Set 32. No signup required.
Based on the exhibit, which role is missing from the governance policy that would be essential for enforcing accountability?
Refer to the exhibit.
```
$ cat governance_policy.json
{
  "policyName": "Information Security Governance Policy",
  "version": "2.0",
  "scope": "All business units and subsidiaries",
  "roles": {
    "board": "Approve risk appetite and review security performance quarterly",
    "ceo": "Provide strategic direction and resources",
    "ciso": "Develop and implement security program",
    "businessManagers": "Ensure compliance within their units",
    "internalAudit": "Independent assurance on governance effectiveness"
  },
  "processes": {
    "riskAssessment": "Annual risk assessment and quarterly updates",
    "strategyAlignment": "Annual review of security strategy with business strategy",
    "reporting": "Quarterly dashboard to board, monthly to management"
  }
}
```