Certified Information Security Manager (CISM) — Question 398
Which of the following is the MOST important factor of a successful information security program?
Answer options
- A. The program follows industry best practices.
- B. The program is based on a well-developed strategy.
- C. The program is focused on risk management.
- D. The program is cost-efficient and within budget.
Correct answer: B
Explanation
A well-developed strategy is essential because it provides direction and ensures that security measures align with business objectives. Following best practices, focusing on risk management, and being cost-efficient are all important, but they are not as foundational as a solid strategy that guides the entire program.