Certified Information Security Manager (CISM) — Question 731

Of the following, whose input is of GREATEST importance in the development of an information security strategy?

Answer options

• A. Security architects
• B. End users
• C. Corporate auditors
• D. Process owners

Correct answer: D

Explanation

Process owners are crucial because they understand the specific business processes and risks that need to be addressed in the security strategy. While security architects, end users, and corporate auditors all play important roles, their input cannot match the direct insight that process owners have regarding the operational needs and potential vulnerabilities within their areas.