Certified Information Security Manager (CISM) — Question 539

Which of the following is the PRIMARY benefit of implementing a maturity model for information security management?

Answer options

• A. Gaps between current and desirable levels will be addressed.
• B. Information security management costs will be optimized.
• C. Information security strategy will be in line with industry best practice.
• D. Staff awareness of information security compliance will be promoted.

Correct answer: A

Explanation

The primary benefit of a maturity model is that it helps identify and address the gaps between the current state of information security and the desired future state, which is captured in option A. The other options, while beneficial, are secondary outcomes that may result from addressing these gaps but do not represent the core purpose of a maturity model.