Certified Information Security Manager (CISM) — Question 234

Which of the following should be the MOST important consideration when reviewing an information security strategy?

Answer options

• A. Changes to the security budget
• B. New business initiatives
• C. Internal audit findings
• D. Recent security incidents

Correct answer: B

Explanation

The most critical factor to consider is new business initiatives, as they often dictate the security needs and risks associated with organizational changes. While changes to the security budget, internal audit findings, and recent security incidents are important, they are typically reactive in nature compared to the proactive approach required for new business initiatives.