Certified Information Security Manager (CISM) — Question 370
Which of the following BEST facilitates an information security manager’s efforts to obtain senior management commitment for an information security program?
Answer options
- A. Presenting evidence of inherent risk
- B. Reporting the security maturity level
- C. Presenting compliance requirements
- D. Communicating the residual risk
Correct answer: A
Explanation
Presenting evidence of inherent risk is crucial because it highlights the potential threats and vulnerabilities that the organization faces and thereby makes a compelling case for the need for a security program. Reporting the security maturity level, presenting compliance requirements, and communicating the residual risk are important, but they do not directly illustrate the urgency and necessity of addressing inherent risks to gain senior management's commitment.