Exam CISM topic 1 question 837 discussion

Proper answer is D

BIA results provide a factual, measurable understanding of the potential consequences of security failures, which directly connects security controls to business continuity. Stakeholders are often more inclined to support initiatives when they see how they affect the bottom line, productivity, or risk to the organization. Quantifiable Impact: Communicating the BIA results turns abstract security concepts into tangible risks and consequences, making the case for security controls more persuasive, especially when addressing business-focused stakeholders. Alignment with Business Objectives: By linking security efforts to business impact, this approach ensures that decisions are aligned with overall strategic goals, reducing resistance that might come from purely technical justifications.

I think business impact talks louder here. Not sure what kind of relationship is that. Party together at night?

BIA is useful to assign priority actions in recovery plans.

it says "support for the IMPLEMENTATION", so if you don't have good relationships is an important problem

Why not C? Good relationships are something that will always benefit a goal but thinking that security is dependant on good relationships as the "best" path, is a scary thought.

D. Establishing effective stakeholder relationships

Establishing effective stakeholder relationships is crucial for obtaining organizational support for the implementation of security controls. Building positive relationships with stakeholders across different departments and levels of the organization helps foster understanding, trust, and collaboration. It allows the information security manager to effectively communicate the importance of security controls and gain support for their implementation.