Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?
A. Ensure resources meet information security program needs
B. Audit the information security program to identify deficiencies
C. Identify gaps impacting information security strategy
D. Develop key performance indicators (KPIs) of information security
Among these options, C. Identify gaps impacting information security strategy emerges as the most effective approach. This method not only highlights deficiencies but also focuses on strategic alignment, ensuring that any identified gaps can be addressed to enhance support for organizational objectives. By understanding where misalignments exist, organizations can take targeted actions to bridge those gaps, thereby strengthening their overall information security posture in relation to their strategic goals.
While identifying gaps gives you a list of what’s wrong, auditing assesses the whole system’s health — it tells you what’s wrong, why it’s wrong, and often how to fix it. This comprehensive insight is crucial for aligning the security program with strategic objectives effectively.
By identifying gaps, the organization can directly assess how well the current security program aligns with and supports the strategic objectives. This approach helps in pinpointing specific areas where the program may be falling short and allows for targeted improvements to ensure that the security measures in place are effectively supporting the overall strategy.
What you have to keep in mind for this test is what is the best option so that everyone can track what is going on. For this question that would be KPI. KPIs are user-friendly charts and graphs from which a child could understand what is going on. This would be a great tool in order to show the stakeholders what is going on.
Identifying gaps impacting the information security strategy involves assessing the alignment between the information security program and the overarching security strategy. This approach helps identify any deficiencies, misalignments, or areas where the information security program falls short in supporting the strategic objectives. By understanding these gaps, the organization can take targeted actions to improve the alignment between the program and the strategy.
While options like ensuring resources meet information security program needs (option A), auditing the information security program to identify deficiencies (option B), and developing key performance indicators (KPIs) of information security (option D) are important activities, identifying and addressing gaps in alignment with the information security strategy is a proactive step toward improving overall effectiveness.
D
Developing key performance indicators (KPIs) for information security allows for a continuous, data-driven assessment of how well the information security program aligns with and supports the information security strategy. This approach helps in identifying areas of improvement, optimizing resource allocation, and ensuring that security efforts are effective in achieving strategic objectives.
These are so frustrating. There’s not a definitive answer. The discussions are great but there are so many discussions on these test questions that it makes me question what’s right.
D is correct. C is incorrect because a security strategy is far too vague to identify any gaps. It's meant to be vague. KPIs are metrics and always the BEST option.
D is the right answer. The question is asking for the MOST effective approach.
While a gap analysis will help find out what they need to align the ISP to the strategy better, KPIs will help them show if the ISP is actually working as the strategy has outlined it.