Certified Information Security Manager (CISM) — Question 156

Which of the following is MOST important to ensure ongoing senior management commitment to an organization’s information security strategy?

Answer options

• A. Effective and reliable security reporting
• B. A well-defined information security control framework
• C. A detailed and documented business impact analysis (BIA)
• D. Strategic alignment to an industry framework

Correct answer: A

Explanation

Effective and reliable security reporting is essential as it provides senior management with the necessary insights into the security posture and risks, ensuring they remain engaged and informed. While a well-defined framework, BIA, and strategic alignment are important, they do not directly facilitate ongoing commitment as effectively as consistent and reliable reporting does.