Certified Information Security Manager (CISM) — Question 1169

Which of the following is the MOST important element when developing an information security strategy?

Answer options

• A. Identifying and classifying information assets
• B. Determining the needs of the business
• C. Aligning to applicable laws and regulations
• D. Determining the risk management methodology

Correct answer: B

Explanation

The correct answer is B because understanding the business needs ensures that the security strategy supports organizational goals and objectives. While identifying assets, complying with laws, and risk management are important, they should align with the core requirements of the business.