Certified Information Security Manager (CISM) — Question 602

Which of the following BEST enables an information security manager to obtain organizational support for the implementation of security controls?

Answer options

• A. Conducting periodic vulnerability assessments
• B. Defining the organization's risk management framework
• C. Communicating business impact analysis (BIA) results
• D. Establishing effective stakeholder relationships

Correct answer: D

Explanation

Establishing effective stakeholder relationships is crucial because it builds trust and ensures that key players understand the importance of security measures. While conducting vulnerability assessments, defining a risk management framework, and communicating BIA results are important tasks, they do not directly foster the collaborative support needed from stakeholders to implement security controls.