Certified Information Security Manager (CISM) — Question 1066
Which of the following is the MOST effective way to determine the alignment of an information security program with the business strategy?
Answer options
- A. Evaluate the results of business continuity testing.
- B. Evaluate the business impact of incidents.
- C. Review key performance indicators (KPIs).
- D. Engage business process owners.
Correct answer: D
Explanation
Engaging business process owners is crucial because they can provide insights into business objectives and ensure that the security program supports those goals. The other options, while valuable, do not directly involve the business strategy or input from those who manage business processes, making them less effective for this specific alignment assessment.