Certified Information Security Manager (CISM) — Question 294

Which of the following provides the MOST essential input for the development of an information security strategy?

Answer options

• A. Results of an information security gap analysis
• B. Measurement of security performance against IT goals
• C. Results of a technology risk assessment
• D. Availability of capable information security resources

Correct answer: C

Explanation

The correct answer is C because the results of a technology risk assessment identify specific vulnerabilities and threats, which are critical for formulating a robust information security strategy. Options A and B, while useful, do not provide comprehensive insights into potential risks, and D addresses resource availability rather than strategic input.