Certified Information Security Manager (CISM) — Question 807

What should be an information security manager's MOST important consideration when developing a multi-year plan?

Answer options

• A. Ensuring contingency plans are in place for potential information security risks
• B. Ensuring alignment with the plans of other business units
• C. Demonstrating projected budget increases year after year
• D. Allowing the information security program to expand its capabilities

Correct answer: B

Explanation

The correct answer is B because aligning with other business units ensures that the information security strategy supports overall organizational goals. Options A, C, and D, while important, do not address the necessity of collaboration and integration with the broader business strategy, which is crucial for a successful multi-year plan.