C. Involving functional managers in program development.
Involving functional managers in program development is a critical element for the success of an information security program. The involvement of functional managers ensures that security considerations are integrated across different business areas, reflecting the unique needs of each part of the organization. This collaboration fosters a culture of security, aligns security objectives with business objectives, and ensures that security controls are applicable and practical.
In the ISACA article "Essential Functions of a Cybersecurity Program," they mention how a program-oriented approach to cybersecurity "supports the organization’s vision, goals and objectives." This highlights that without proper stakeholder engagement, alignment with the broader organizational goals might be compromised, potentially making the security program ineffective.
Involving functional managers in program development ensures that the information security program aligns with the organization's overall business objectives and takes into account the specific needs and requirements of different business functions. This collaboration helps in obtaining buy-in from key stakeholders, understanding the business context, and tailoring security measures to fit the organization's unique operational landscape.
While prioritizing program deliverables based on available resources (Option A) and benchmarking against global standards (Option B) are important considerations, involving functional managers ensures that the program is closely aligned with the organization's specific operational context. Applying project management practices used by the business (Option D) is beneficial, but it is not as fundamental as involving functional managers in the development of the program.
Section 3.1.2 of the CISM Study Guide lists 3 essential items of the Information Security Program; the second one is cooperation and support from management and stakeholders.
B. Benchmarking the program with global standards for relevance
Benchmarking the information security program with global standards is crucial because it ensures that the program is aligned with recognized best practices and industry standards. This helps establish a strong foundation for the program by ensuring that it addresses essential security principles and is relevant to the organization's needs.
As an IS manager, would you like to prioritize first and then talk to the functional managers for inputs/alignment, or do you want to talk to the functional managers first and then find out, oh, I don't have the needed resources to execute or deliver what was discussed?
Whenever it has to do with the overall program of ANYTHING cyber security and making it more efficient, it is always up to LEADERSHIP to lead that effort.
Prioritizing program deliverables based on available resources ensures that the most critical information security risks are addressed first. It helps to ensure that the information security program aligns with the organization's strategic objectives and is relevant to the organization's risk posture.
C should be the answer. The most important element of an info sec program is to align with the business. Interestingly, @Broesweelies, your description of functional managers to ensure that the program is aligned with the org's overall goals and objectives is my reasoning for choosing C.
A. Prioritizing program deliverables based on available resources is the MOST essential element of an information security program. Resources are limited, therefore it is important to prioritize which projects and initiatives to undertake based on the organization's goals, risks, and available resources. This will help ensure that the most critical security needs are addressed first, and that the program is sustainable in the long term.
B, C, and D are also important elements of an information security program, but they should be done in conjunction with prioritizing program deliverables. Specifically, benchmarking the program with global standards for relevance ensures that the program is relevant and in line with industry best practices; involving functional managers in program development helps ensure that the program is aligned with the organization's overall goals and objectives; and applying project management practices used by the business helps ensure that the program is delivered on time and within budget.
Going with B. CISM AIO 2nd - CH4 does refer to the standards that information security programs use throughout the risk management phase as being the core of an organization's security program.