Certified Information Security Manager (CISM) — Question 676
Which of the following is MOST important to include in an information security strategy?
Answer options
- A. Industry benchmarks
- B. Stakeholder requirements
- C. Risk register
- D. Regulatory requirements
Correct answer: B
Explanation
Incorporating stakeholder requirements is essential because it ensures that the security strategy aligns with the needs and expectations of those affected. While industry benchmarks, risk registers, and regulatory requirements are important, they may not fully address the unique concerns and priorities of stakeholders, which makes stakeholder input critical for a successful strategy.