nerdexam

CISM · Question #123

CISM Question #123: Real Exam Question with Answer & Explanation

The correct answer is C: educating management on information security program needs. The most effective way to gain senior management support is by educating them on the necessity and benefits of the information security program, aligning it with business objectives.

Submitted by sofia.br · Apr 18, 2026 · Information Security Governance

Question

The MOST effective way for an information security manager to secure senior management support for the information security strategy is by:

Options

  • A. presenting industry-specific information security best practices.
  • B. determining cost-effective information security controls.
  • C. educating management on information security program needs.
  • D. developing reports showing current threats to the organization.

Explanation

The most effective way to gain senior management support is by educating them on the necessity and benefits of the information security program, aligning it with business objectives.

Common mistakes

  • A. While best practices provide context, merely presenting them without tailoring to the organization's specific needs and educating on the 'why' is less effective.
  • B. Cost-effectiveness is important, but management needs to first understand why the controls are needed before evaluating their cost.
  • D. While threat reports can be part of the education, focusing solely on fear without a clear explanation of the program's strategic value is often less effective for sustained support.

Concept tested: gaining senior management buy-in

Topics

#Senior management support · #Security strategy communication · #Stakeholder management · #Management education

Community Discussion

No community discussion yet for this question.
