Certified Information Security Manager (CISM) — Question 1130

Which of the following BEST indicates ongoing senior management commitment to the organization's information security strategy?

Answer options

• A. An efficient incident response program
• B. Established key performance indicators (KPIs)
• C. A comprehensive security awareness training program
• D. Adequate funding for the information security program

Correct answer: D

Explanation

Adequate funding for the information security program is a clear indicator of senior management's ongoing commitment, as it demonstrates their prioritization of security initiatives. While an efficient incident response program, established KPIs, and a comprehensive training program are important, they do not directly reflect the level of financial support that shows management's commitment.