Certified Information Security Manager (CISM) — Question 597

Which of the following would be MOST useful when illustrating to senior management the status of a recently implemented information security governance framework?

Answer options

• A. Periodic testing results
• B. A risk assessment
• C. A maturity model
• D. A threat assessment

Correct answer: C

Explanation

A maturity model provides a clear framework for assessing the progress and effectiveness of the information security governance framework, making it easier for senior management to understand its status. Periodic testing results, a risk assessment, and a threat assessment are important but do not convey the overall maturity and effectiveness of the governance framework as comprehensively as a maturity model does.