Which of the following is the MOST effective approach for determining whether an organization's information security program supports the information security strategy?
A. Ensure resources meet information security program needs
B. Audit the information security program to identify deficiencies
C. Identify gaps impacting information security strategy
D. Develop key performance indicators (KPIs) of information security
What you have to keep in mind for this test is what the best option is so that everyone can track what is going on. For this question that would be KPI. KPIs are user-friendly charts and graphs from which a child could understand what is going on. This would be a great tool to show the stakeholders what is going on.
Identifying gaps impacting the information security strategy involves assessing the alignment between the information security program and the overarching security strategy. This approach helps identify any deficiencies, misalignments, or areas where the information security program falls short in supporting the strategic objectives. By understanding these gaps, the organization can take targeted actions to improve the alignment between the program and the strategy.
While options like ensuring resources meet information security program needs (option A), auditing the information security program to identify deficiencies (option B), and developing key performance indicators (KPIs) of information security (option D) are important activities, identifying and addressing gaps in alignment with the information security strategy is a proactive step toward improving overall effectiveness.
D
Developing key performance indicators (KPIs) for information security allows for a continuous, data-driven assessment of how well the information security program aligns with and supports the information security strategy. This approach helps in identifying areas of improvement, optimizing resource allocation, and ensuring that security efforts are effective in achieving strategic objectives.
These are so frustrating. There’s not a definitive answer. The discussions are great but there are so many discussions on these test questions that it makes me question what’s right.
D is correct. C is incorrect because a security strategy is far too vague to identify any gaps. It's meant to be vague. KPIs are metrics and always the BEST option.
D is the right answer. The question is asking for the MOST effective approach.
While a gap analysis will help find out what they need to align the ISP to the strategy better, KPIs will help them show if the ISP is actually working as the strategy has outlined it.
Yes, should be C.
By identifying these gaps, the organization can take steps to address them and ensure that its information security program is aligned with its information security strategy.
"C" is the correct one: Identify gaps impacting information security strategy
greeklover84 (1 month, 4 weeks ago)
SHERLOCKAWS (11 months, 1 week ago)
POWNED (12 months ago)
Viperhunter (12 months ago)
AaronS1990 (1 year, 2 months ago)
oluchecpoint (1 year, 2 months ago)
kaibutsu (1 year, 2 months ago)
Patt70 (1 year, 2 months ago)
Azurefox79 (1 year, 3 months ago)
DavoA (1 year, 4 months ago)
JKatta2023 (1 year, 4 months ago)
karanvp (1 year, 5 months ago)
richck102 (1 year, 6 months ago)
Dravidian (1 year, 7 months ago)
vavofa5697 (1 year, 9 months ago)
CarlLimps (1 year, 9 months ago)
ideu (1 year, 10 months ago)