Certified Information Security Manager (CISM) — Question 747

Which of the following sources is MOST useful when planning a business-aligned information security program?

Answer options

• A. Business impact analysis (BIA)
• B. Information security policy
• C. Security risk register
• D. Enterprise architecture (EA)

Correct answer: A

Explanation

The Business Impact Analysis (BIA) is crucial for understanding the potential effects of disruptions on business operations, making it essential for aligning information security with business needs. The other options, while important, do not provide the same level of insight into the specific business impacts that guide security initiatives.