Certified Information Security Manager (CISM) — Question 1086

An information security manager wants to upgrade an organization's workstations to a new operating system version. Which of the following would be MOST helpful to gain senior management support for the upgrade?

Answer options

• A. The results of user surveys indicating issues with the current operating system
• B. A list of the latest security features in the new operating system
• C. A summary of performance improvements in the new operating system
• D. An assessment of the current operating system based on risk

Correct answer: D

Explanation

The correct answer is D because understanding the risks associated with the current operating system can effectively highlight the need for an upgrade and resonate with senior management's focus on risk management. Options A, B, and C, while informative, do not directly address risk and may not convey the urgency or necessity for the upgrade as clearly as an assessment based on risk would.