Certified Information Security Manager (CISM) — Question 171

Which of the following is the BEST indication of a mature information security program?

Answer options

• A. Security spending is below budget.
• B. Security incidents are managed properly.
• C. Security resources are optimized.
• D. Security audit findings are reduced.

Correct answer: C

Explanation

The correct answer, C, indicates that a mature information security program effectively aligns resources with security needs, ensuring efficiency. While proper management of incidents (B) and reduced audit findings (D) are important, they do not encompass the overall optimization of resources. Being under budget (A) does not necessarily reflect the effectiveness or maturity of the security program.