Certified Information Security Manager (CISM) — Question 578

What is the BEST way for an information security manager to ensure critical assets are prioritized in a new information security program?

Answer options

• A. Update operating procedures to include new requirements.
• B. Conduct security awareness training.
• C. Conduct an inventory of information assets.
• D. Backup information assets and store them offsite.

Correct answer: C

Explanation

The correct answer is C because conducting an inventory of information assets allows the security manager to identify and prioritize critical assets based on their value and risk. The other options, while useful for different aspects of security management, do not directly address the need to identify which assets require prioritization in the security program.