Certified Information Security Manager (CISM) — Question 569
Which of the following would BEST help to ensure an organization's security program is aligned with business objectives?
Answer options
- A. The organization's board of directors includes a dedicated information security advisor.
- B. The security strategy is reviewed and approved by the organization's steering committee.
- C. Security policies are reviewed and approved by the chief information officer (CIO).
- D. Business leaders receive annual information security awareness training.
Correct answer: B
Explanation
The correct answer is B because having the steering committee review and approve the security strategy ensures that it aligns with the organization's overall objectives and priorities. Options A, C, and D, while important, do not directly ensure alignment of the security program with business goals as effectively as a comprehensive review by the steering committee.