Certified Information Security Manager (CISM) — Question 944

Which of the following is the PRIMARY objective of developing an information security program that aligns with the information security strategy?

Answer options

• A. To define the resources required to achieve information security goals
• B. To define a bottom-up approach for implementing information security policies
• C. To define standards to be implemented
• D. To define risk mitigation plans for security technologies

Correct answer: A

Explanation

The correct answer is A, as the primary objective is to identify the resources needed to accomplish information security goals effectively. Options B, C, and D are important aspects of an information security program, but they are not the primary focus of aligning with the information security strategy.