Certified Information Security Manager (CISM) — Question 78

Which of the following is MOST important for an information security manager to consider when identifying information security resource requirements?

Answer options

• A. Availability of potential resources
• B. Information security incidents
• C. Current resourcing levels
• D. Information security strategy

Correct answer: D

Explanation

The correct answer is D, as the information security strategy outlines the organization's approach to security and guides resource allocation. Options A, B, and C, while relevant, do not provide the overarching framework necessary for effective resource identification.