Certified Information Security Manager (CISM) — Question 545

Which of the following is MOST important to the successful implementation of an information security program?

Answer options

• A. Establishing key performance indicators (KPIs)
• B. Obtaining stakeholder input
• C. Understanding current and emerging technologies
• D. Conducting periodic risk assessments

Correct answer: B

Explanation

Obtaining stakeholder input is essential as it ensures that the security program aligns with the organization’s needs and priorities. While establishing KPIs, understanding technologies, and conducting risk assessments are important, they do not hold the same level of significance in terms of initial buy-in and support from key stakeholders.