Certified Information Security Manager (CISM) — Question 199

Which of the following messages would be MOST effective in obtaining senior management's commitment to information security management?

Answer options

• A. Security is a business product and not a process.
• B. Effective security eliminates risk to the business.
• C. Adopt a recognized framework with metrics.
• D. Security supports and protects the business.

Correct answer: D

Explanation

Option D is the most effective as it directly aligns security with the overall business objectives, emphasizing its role in support and protection. Options A and B do not convey the value of security in relation to business operations, while option C, although beneficial, lacks the direct appeal to management's commitment compared to option D.