Certified Information Security Manager (CISM) — Question 365

Which of the following is the BEST way to obtain support for a new organization-wide information security program?

Answer options

• A. Deliver an information security awareness campaign.
• B. Publish an information security RACI chart.
• C. Benchmark against similar industry organizations.
• D. Establish an information security strategy committee.

Correct answer: D

Explanation

The correct answer, D, is ideal because forming a strategy committee allows for collaboration and input from various stakeholders, ensuring broader support and alignment with business goals. Options A, B, and C, while useful, do not directly engage stakeholders in the decision-making process or create a governance structure necessary for a successful program.