Certified Information Security Manager (CISM) — Question 268
Which of the following is the MOST important input to the development of an effective information security strategy?
Answer options
- A. Well-defined security policies and procedures
- B. Current and desired state of security
- C. Business processes and requirements
- D. Risk and business impact assessments
Correct answer: B
Explanation
The correct answer is B, as understanding the current and desired state of security is essential for tailoring an effective strategy. While the other options, such as well-defined policies and business requirements, are important, they stem from the foundational knowledge of where the organization currently stands and where it aims to be in terms of security.