Certified Information Security Manager (CISM) — Question 90

Which of the following provides the BEST guidance when establishing a security program?

Answer options

• A. Risk assessment methodology
• B. Security audit report
• C. Information security budget
• D. Information security framework

Correct answer: D

Explanation

The Information security framework provides a structured approach to developing a security program, incorporating best practices and standards. While a risk assessment methodology is important for identifying risks and a security audit report reviews existing security measures, neither provides the comprehensive guidance needed for program establishment like an information security framework does.