Certified Information Security Manager (CISM) — Question 1078

Which of the following is MOST important to the successful implementation of a new information security program?

Answer options

• A. Evaluating current information security processes
• B. Gaining commitment from senior management
• C. Conducting regular external benchmarking
• D. Monitoring key performance indicators (KPIs)

Correct answer: B

Explanation

Gaining commitment from senior management is essential because it ensures that the necessary resources and support are allocated for the information security program. Without their backing, even the best strategies might not be executed effectively. The other options, while important, do not hold the same level of influence in securing the program's success.