Certified Information Security Manager (CISM) — Question 881

Which of the following is MOST important to have in place for an organization's information security program to be effective?

Answer options

• A. Senior management support
• B. A comprehensive IT strategy
• C. Defined and allocated budget
• D. Documented information security processes

Correct answer: A

Explanation

Senior management support is vital for an information security program as it ensures the necessary resources and prioritization are allocated to security initiatives. While a comprehensive IT strategy, budget, and documented processes are important, without backing from leadership, these elements may not receive the attention or funding they require to be successful.