Certified Information Security Manager (CISM) — Question 184

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Answer options

• A. Develop a project plan to implement the strategy
• B. Obtain consensus on the strategy from the executive board
• C. Define organizational risk tolerance
• D. Review alignment with business goals

Correct answer: A

Explanation

The correct answer is A because developing a project plan is essential to translate the roadmap into actionable steps for implementation. While obtaining consensus, defining risk tolerance, and reviewing alignment with business goals are important, they are typically steps that precede the actual execution of the strategy.