Certified Information Security Manager (CISM) — Question 51

The chief information security officer (CISO) has developed an information security strategy, but is struggling to obtain senior management commitment for funds to implement the strategy. Which of the following is the MOST likely reason?

Answer options

• A. The strategy does not include a cost-benefit analysis.
• B. There was a lack of engagement with the business during development.
• C. The strategy does not comply with security standards.
• D. The CISO reports to the CIO.

Correct answer: B

Explanation

The correct answer is B because without proper engagement with the business during the strategy's development, the CISO may not have aligned the strategy with the organization's needs, leading to a lack of support. Options A, C, and D may affect the strategy's effectiveness or compliance but do not directly explain the lack of commitment from senior management for funding.