Certified Information Security Manager (CISM) — Question 1171

The MOST important element in achieving executive commitment to an information security governance program is:

Answer options

• A. identified business drivers.
• B. a process improvement model.
• C. established security strategies.
• D. a defined security framework.

Correct answer: A

Explanation

Identified business drivers are crucial because they align the security program with organizational goals, making it easier for executives to see its value. The other options—process improvement models, established security strategies, and defined security frameworks—are important, but they do not directly connect with the executives' strategic priorities as business drivers do.