Certified Information Security Manager (CISM) — Question 899

The MAIN reason for continuous monitoring of the security program is to:

Answer options

• A. validate reduction of incidents.
• B. confirm benefits are being realized.
• C. ensure alignment with industry standards.
• D. optimize resource allocation.

Correct answer: B

Explanation

The correct answer, B, highlights the importance of confirming that the benefits of the security program are actually being realized over time. While options A, C, and D are also relevant aspects of a security program, they do not address the primary goal of continuous monitoring, which is to ensure that the intended benefits are being effectively attained.