Certified Information Security Manager (CISM) — Question 472

Which of the following would BEST support an information security manager's efforts to obtain management approval for an identity and access management
(IAM) system implementation?

Answer options

• A. A recent security incident involving access authorization
• B. An established security policy with access management requirements
• C. A third-party audit finding based on regulatory requirements
• D. A business case proposal for the solution

Correct answer: D

Explanation

The correct answer, D, is effective because a business case proposal outlines the benefits, costs, and justifications for the IAM system, making it compelling for management. While options A, B, and C provide relevant information, they do not offer a comprehensive rationale or financial justification necessary for securing approval.