Certified Information Security Manager (CISM) — Question 625

Which of the following is the MOST important consideration when reporting on the status of information security activities?

Answer options

• A. The report is comprehensive
• B. The report is updated on a regular basis
• C. The report is tailored to stakeholder needs
• D. The report structure is consistent with industry standards

Correct answer: C

Explanation

The correct answer is C because tailoring the report to stakeholder needs ensures that the information is relevant and understandable to those who need it. While a comprehensive report (A), regular updates (B), and consistency with industry standards (D) are important, they are secondary to ensuring the audience receives the information that matters most to them.