Certified Information Security Manager (CISM) — Question 1124

The MAIN reason for having senior management review and approve an information security strategic plan is to ensure:

Answer options

• A. compliance with legal and regulatory requirements.
• B. the plan aligns with corporate governance.
• C. staff participation in information security efforts.
• D. the organization has the required funds to implement the plan.

Correct answer: B

Explanation

The correct answer is B because aligning the strategic plan with corporate governance ensures that it supports the organization's overall objectives and risk management framework. Options A, C, and D, while important, do not directly address the alignment with corporate governance, which is the main focus of senior management's approval.