Certified Information Security Manager (CISM) — Question 800
Which of the following would be the BEST way for an information security manager to improve the effectiveness of an organization's information security program?
Answer options
- A. Focus on addressing conflicts between security and performance.
- B. Obtain assistance from IT to implement automated security controls.
- C. Include information security requirements in the change control process.
- D. Collaborate with business and IT functions in determining controls.
Correct answer: D
Explanation
The correct answer, D, emphasizes the importance of collaboration between business and IT to identify and implement effective controls, which leads to a more robust security posture. Options A and B focus on specific aspects that may not address the broader organizational needs. Option C, although important, does not involve the collaboration necessary for a comprehensive security strategy.