Certified Information Security Manager (CISM) — Question 979
Which of the following BEST facilitates the development of a comprehensive information security policy?
Answer options
- A. Alignment with an established information security framework
- B. Security key performance indicators (KPIs)
- C. A review of recent information security incidents
- D. An established internal audit program
Correct answer: A
Explanation
The best approach to developing a comprehensive information security policy is to align it with an established information security framework, because such a framework provides structured guidance and best practices. While security KPIs, incident reviews, and internal audits are all important components of security management, they do not directly facilitate the foundational development of the policy itself.