I'd say it's A, because before you implement an information security program in any shape or form, you need to have a clear understanding of what you're trying to protect. How would you perform a risk assessment and prioritize risks or implement cost-effective controls if management didn't tell you the value of the assets you have to protect?
If A simply said management approval I would go with it, but since it specifically mentions asset value I am going to have to pick D as the best answer here.
While management's decision on asset value (A) is important for risk management and prioritization, it does not, by itself, ensure the success of a security program. The program's effectiveness relies more on how security processes are implemented and managed, which is why mapping these processes to baseline standards is critical.
A. Management decision on asset value
This is because understanding the value of your assets (data, systems, infrastructure, etc.) helps in prioritizing security efforts and allocating resources effectively. Without a clear understanding of the asset's value, it's challenging to make informed decisions about where to invest in security measures, which security controls to implement, and how much to budget for security initiatives.
The CISM (Certified Information Security Manager) Review Manual, 27th Edition, supports this viewpoint by stating:
"A successful security program requires a systematic and structured approach to managing security risks. This begins with establishing baseline security standards and then mapping the organization's security processes to these standards. This helps ensure that all security activities are aligned with recognized best practices and the organization's risk management objectives."
From the ISACA perspective for the CISM examination, the MOST important requirement for a successful security program is:
D. Mapping security processes to baseline security standards
Mapping security processes to baseline security standards ensures that the organization's security program aligns with established best practices and industry standards. It helps in identifying the necessary security controls, procedures, and guidelines that need to be implemented to protect the organization's assets and mitigate risks effectively.