Certified Information Security Manager (CISM) — Question 409
Which of the following is the BEST course of action for an information security manager to align security and business goals?
Answer options
- A. Reviewing the business strategy
- B. Conducting a business impact analysis (BIA)
- C. Actively engaging with stakeholders
- D. Defining key performance indicators (KPIs)
Correct answer: C
Explanation
The correct answer is C: actively engaging with stakeholders fosters communication and understanding between the security team and business units, which ensures that security initiatives align with business goals. Options A, B, and D are important tasks, but they do not directly facilitate the ongoing collaboration and alignment that stakeholder engagement provides.