Certified Information Security Manager (CISM) — Question 492
Which of the following is the MOST important requirement for a successful security program?
Answer options
- A. Management decision on asset value
- B. Penetration testing on key systems
- C. Nondisclosure agreements (NDA) with employees
- D. Mapping security processes to baseline security standards
Correct answer: D
Explanation
Mapping security processes to baseline security standards is essential because it ensures that security measures meet established guidelines, which enhances the overall effectiveness of the program. Management decisions, penetration testing, and NDAs are important, but they do not provide the foundational framework that aligns security efforts with recognized standards.