Certified Information Security Manager (CISM) — Question 1206

The MOST useful technique for maintaining management support for the information security program is:

Answer options

• A. informing management about the security of business operations.
• B. identifying the risks and consequences of failure to comply with standards.
• C. benchmarking the security programs of comparable organizations.
• D. implementing a comprehensive security awareness and training program.

Correct answer: A

Explanation

The correct answer is A because keeping management informed about the security of business operations fosters ongoing support for the information security program. Options B, C, and D, while beneficial, do not directly engage management or maintain their support as effectively as continuous updates on operational security.