Certified Information Security Manager (CISM) — Question 15

Which of the following is the MOST essential element of an information security program?

Answer options

• A. Prioritizing program deliverables based on available resources
• B. Benchmarking the program with global standards for relevance
• C. Involving functional managers in program development
• D. Applying project management practices used by the business

Correct answer: C

Explanation

Involving functional managers in program development is essential because their insights and expertise ensure that the security program aligns with organizational needs. The other options, while important, do not directly contribute to tailoring the security initiative to practical requirements, which is critical for its success.