Certified Information Security Manager (CISM) — Question 453

To optimize the implementation of information security governance in an organization, an information security manager should:

Answer options

• A. implement processes consistent with international standards.
• B. utilize existing governance structures when possible.
• C. ensure changes are consistent with existing standards.
• D. make gradual changes to governance to minimize employee resistance.

Correct answer: B

Explanation

The correct answer is B because utilizing existing governance structures allows for a smoother integration of security measures, leveraging what is already in place. Options A and C are important but do not directly address the optimization aspect, while D, though helpful for employee acceptance, does not prioritize leveraging existing frameworks.