Certified Information Security Manager (CISM) — Question 1135
Which of the following is MOST helpful for retaining the support of executive management for an information security program?
Answer options
- A. Forming an information security steering committee to provide oversight of the program
- B. Providing regular performance reports on the effectiveness of the program
- C. Including satisfaction with information security in employee engagement surveys
- D. Developing business cases to justify continued expenses for security awareness
Correct answer: B
Explanation
Providing regular performance reports on the effectiveness of the program is crucial because it keeps executives informed about the program's impact and value. Forming a steering committee and developing business cases can also be beneficial, but they do not directly demonstrate the program's effectiveness. Including satisfaction with information security in employee engagement surveys offers insight but is less targeted at retaining executive support.