Certified Information Security Manager (CISM) — Question 194

Reviewing which of the following would be MOST helpful when a new information security manager is developing an information security strategy for a non-regulated organization?

Answer options

• A. Management’s business goals and objectives
• B. Strategies of other non-regulated companies
• C. Industry best practices and control recommendations
• D. Risk assessment results

Correct answer: A

Explanation

The correct answer is A because aligning the information security strategy with management's business goals ensures that security efforts support the organization's overall objectives. The other options, while useful, do not provide the same level of direct relevance to the specific goals of the organization.