Certified Information Security Manager (CISM) — Question 279

To address the issue that performance pressures on IT may conflict with information security controls, it is MOST important that:

Answer options

• A. the steering committee provides guidance and dispute resolution.
• B. the security policy is changed to accommodate IT performance pressure.
• C. IT policies and procedures are better aligned to security policies.
• D. noncompliance issues are reported to senior management.

Correct answer: A

Explanation

The correct answer, A, highlights the importance of having a steering committee that can guide and resolve conflicts between performance and security. Option B incorrectly suggests altering security policies to fit performance needs, which could weaken security. Option C, while beneficial, does not directly address the conflict resolution needed in this scenario. Option D focuses on reporting issues rather than proactively managing the balance between performance and security.