Certified Information Security Manager (CISM) — Question 74
An information security manager MUST have an understanding of the organization's business goals to:
Answer options
- A. relate information security to change management.
- B. develop an information security strategy.
- C. develop operational procedures.
- D. define key performance indicators (KPIs).
Correct answer: B
Explanation
The correct answer is B because understanding business goals allows the information security manager to align the security strategy with the organization's objectives. Options A, C, and D are important, but they do not directly relate to creating a comprehensive information security strategy, which is the primary purpose of understanding business goals.