Certified Information Security Manager (CISM) — Question 1067

Which of the following is the MOST important success factor when developing an information security strategy?

Answer options

• A. The delivery of the strategy is adequately funded.
• B. The strategy is aligned with an industry-recognized security control framework.
• C. The strategy is based on proven technologies and industry trends.
• D. The strategy is approved by the board and executive management.

Correct answer: D

Explanation

The correct answer, D, emphasizes the importance of securing endorsement from the highest levels of the organization, which is crucial for effective implementation and support. While funding, alignment with frameworks, and technology are important, without board and executive approval, the strategy is unlikely to receive the necessary resources and attention to succeed.