Certified Information Security Manager (CISM) — Question 671

Which of the following is the BEST indication of information security strategy alignment with the business?

Answer options

• A. Number of business executives who have attended information security awareness sessions
• B. Percentage of corporate budget allocated to information security initiatives
• C. Percentage of information security incidents resolved within defined service level agreements (SLAs)
• D. Number of business objectives directly supported by information security initiatives

Correct answer: D

Explanation

The correct answer, D, is the best indicator because it shows a direct link between information security initiatives and business objectives, demonstrating alignment. Options A and B, while relevant, do not directly measure alignment with business goals. Option C focuses on incident management efficiency rather than strategic alignment.