Certified Information Security Manager (CISM) — Question 786

Which of the following should be the KEY consideration when creating an information security communication plan with industry peers?

Answer options

• A. Reducing the costs associated with information sharing by automating the process
• B. Balancing the benefits of information sharing with the drawbacks of sharing sensitive information
• C. Notifying the legal department whenever incident-related information is shared
• D. Ensuring information is detailed enough to be of use to other organizations

Correct answer: B

Explanation

The correct answer is B because it emphasizes the need to evaluate the positive aspects of information sharing against the potential risks associated with disclosing confidential information. Option A focuses on cost reduction, which is not the primary concern in security communications. Option C, while important, is more of a procedural step rather than a key consideration. Option D addresses the usefulness of information but does not prioritize the balance between risks and benefits.