Certified Information Security Manager (CISM) — Question 878

Which of the following is the BEST approach for an information security manager to develop an organization's information security strategy?

Answer options

• A. Budget training costs and contingencies for unexpected events.
• B. Determine desired outcomes and perform a gap analysis.
• C. Evaluate the security posture in comparison with competitors.
• D. Estimate operational costs and perform reliability checks.

Correct answer: B

Explanation

The correct answer, B, emphasizes the importance of identifying the desired outcomes and conducting a gap analysis to understand where improvements are needed in the organization's information security. While options A, C, and D include important considerations, they do not directly address the strategic development process as effectively as performing a gap analysis does.