Certified Information Security Manager (CISM) — Question 145

Which of the following has the GREATEST influence on an organization's information security strategy?

Answer options

• A. Industry security standards
• B. The organizational structure
• C. The organization's risk tolerance
• D. Information security awareness

Correct answer: C

Explanation

The organization's risk tolerance is the most crucial element because it dictates how much risk the organization is willing to accept and informs the security measures that need to be implemented. While industry standards, organizational structure, and security awareness are important, they are often shaped by the organization's risk tolerance, making it the primary influence on the overall security strategy.