Certified Information Systems Security Professional (CISSP) — Question 137

Which of the following is the PRIMARY benefit of implementing an Information Security Management System (ISMS)?

Answer options

• A. Correlates system events to monitor and demonstrate system health
• B. Improves customer confidence by demonstrating adherence to best practices
• C. Increases employee education and awareness of security policies
• D. Ensures user compliance with computing standards

Correct answer: B

Explanation

The correct answer, B, highlights that an ISMS primarily fosters customer confidence by showing that the organization follows established best practices for information security. While options A, C, and D are important aspects of security management, they are secondary benefits compared to the direct impact on customer trust.