Certified Information Security Manager (CISM) — Question 956

Which of the following BEST facilitates the development of information security procedures that effectively support the information security policy?

Answer options

• A. Aligning procedures with industry best practices
• B. Classifying the information assets to be protected
• C. Considering the impact of systemic risk events
• D. Conducting an external benchmarking exercise

Correct answer: B

Explanation

Classifying the information assets to be protected is crucial as it allows organizations to understand what needs safeguarding, thereby guiding the development of relevant procedures. While aligning with best practices, considering systemic risks, and conducting benchmarking can be beneficial, they do not directly address the foundational step of identifying the specific assets that require protection.