The **CISM** focuses on security management. It is the certification of choice for managers who design, oversee, and assess an enterprise's information security. It is less technical than CISSP and more governance-oriented.
Answer: To align security with the organization's business objectives.
Ensures security supports rather than hinders organizational goals.
Answer: Preparation.
Setting up the plans, teams, and tools before an actual incident occurs.
Answer: The amount of risk an organization is willing to accept in pursuit of its goals.
Set by senior management to guide security investment and decision-making.
Answer: Security Policy.
The foundational document that outlines mandatory rules for the entire organization.
Answer: BCP handles business operations; DRP focuses specifically on IT system restoration.
A Disaster Recovery Plan (DRP) is a technical subset of a Business Continuity Plan (BCP).