Certified Information Security Manager (CISM) — Question 384

Which of the following is the MOST critical factor for information security program success?

Answer options

• A. A comprehensive risk assessment program for information security
• B. The information security manager's knowledge of the business
• C. Ongoing audits and addressing open items
• D. Security staff with appropriate training and adequate resources

Correct answer: B

Explanation

The correct answer is B because the information security manager's knowledge of the business is essential for aligning security strategies with organizational objectives. While a comprehensive risk assessment, ongoing audits, and trained staff are important, they are secondary to the manager's ability to understand and integrate security within the business context.