Certified Information Security Manager (CISM) — Question 12
Which of the following BEST validates that security controls are implemented in a new business process?
Answer options
- A. Verify the use of a recognized control framework
- B. Review the process for conformance with information security best practices
- C. Benchmark the process against industry practices
- D. Assess the process according to information security policy
Correct answer: D
Explanation
The correct answer is D because assessing the process against the information security policy verifies that all of the organization's specific security requirements are met. The other options provide valuable insights, but they do not offer the same level of assurance that the security controls are properly implemented as organizational policy requires.