Certified Information Security Manager (CISM) — Question 947

Which of the following approaches to communication with senior management BEST enables an information security manager to maximize the effectiveness of the information security program?

Answer options

• A. Reporting on industry security threats with potential impact to business objectives
• B. Conducting periodic one-on-one meetings to align security with business objectives
• C. Participating in operational review meetings to discuss daily operations and dependencies
• D. Providing regular status of updates to security policies and standards

Correct answer: B

Explanation

Option B is correct because one-on-one meetings allow for tailored discussions that align security initiatives directly with business objectives, fostering better understanding and support from management. The other options, while beneficial, do not facilitate the same level of alignment and engagement with management as personal meetings do.