Certified Information Security Manager (CISM) — Question 1026
The MOST effective way for an information security manager to secure senior management support for the information security strategy is by:
Answer options
- A. presenting industry-specific information security best practices.
- B. determining cost-effective information security controls.
- C. educating management on information security program needs.
- D. developing reports showing current threats to the organization.
Correct answer: C
Explanation
The correct answer is C because educating management on the needs of the information security program helps them understand the importance of security and fosters their support. Options A and D may provide valuable context but do not directly engage management with the program's needs. Option B focuses on cost but does not emphasize the necessity of security education.