Certified Information Security Manager (CISM) — Question 235

An organization is considering the deployment of encryption software and systems organization-wide. The MOST important consideration should be whether:

Answer options

• A. a classification policy has been developed to incorporate the need for encryption
• B. the business strategy includes exceptions to the encryption standard
• C. data can be recovered if the encryption keys are misplaced
• D. the implementation supports the business strategy

Correct answer: D

Explanation

The correct answer is D because ensuring that the encryption implementation aligns with the business strategy is crucial for overall effectiveness. Options A, B, and C, while important considerations, are secondary to the necessity of a strategic fit, which is essential for successful deployment.