Exam CISM topic 1 question 65 discussion

B. develop an information security strategy. An information security manager MUST have an understanding of the organization's business goals to develop an information security strategy. The security strategy should align with the overall business objectives and support the organization's mission and goals. Without understanding the business goals, it would be difficult for the information security manager to determine the appropriate level of security and prioritize the allocation of resources to protect the organization's most critical assets and data. An understanding of the business goals can also help in relating information security to change management, developing operational procedures and defining key performance indicators (KPIs) but it's crucial for developing an information security strategy.

Role of the Information Security Manager: An ISM is responsible for implementing and managing the information security program, which must align with the organization's goals and priorities. Developing or updating a strategy is part of this responsibility, as the ISM ensures that tactical and operational activities serve the broader business needs.

B . Information security strategy should be defined by CISO , not IS manager . Manager should be more operation .

An understanding of the organization's business goals is crucial for an information security manager to develop an effective information security strategy. The strategy should align with and support the overall business objectives and priorities of the organization.

obviously

Understanding the organization's business goals is crucial for developing an information security strategy that aligns with and supports those goals. A well-crafted information security strategy should be closely tied to the overall business objectives and priorities of the organization. This ensures that security measures are not only effective in protecting assets but also contribute to the achievement of broader business goals. While relating information security to change management (option A), developing operational procedures (option C), and defining key performance indicators (KPIs) (option D) are important aspects of information security management, they are all influenced and guided by the overarching context of the organization's business goals.

B. develop an information security strategy. Understanding the organization's business goals is essential for developing an effective information security strategy. Information security should align with and support the broader business objectives and mission. Without a clear understanding of the organization's goals and priorities, it becomes challenging to develop a security strategy that addresses the specific risks and requirements of the business. While understanding business goals is crucial for developing an information security strategy, it also plays a role in other areas like relating information security to change management (A), developing operational procedures (C), and defining key performance indicators (KPIs) (D). However, developing a security strategy is often the primary area where this understanding is foundational.

Absolutely B

D. define key performance indicators (KPIs) s correct. This is the correct answer because the information security officer does not develop information security strategy. The Strategy is developed by senior leaders and managers—such as the CEO, executive team, and board of directors.

Develop the strategy according to business goals. Once you have the strategy, you define KPI's to measure success.

B. develop an information security strategy.

STRATEGY ALWAYS LINK TO BUSINESS GOAL

B, for sure

B should be the correct answer.

understanding goal unites with KPI.

Agreed

yes the correct answer is B