Exam CISM topic 1 question 52 discussion

Actual exam question from Isaca's CISM
Question #: 52
Topic #: 1

Which of the following provides the MOST essential input for the development of an information security strategy?

  • A. Results of an information security gap analysis
  • B. Measurement of security performance against IT goals
  • C. Results of a technology risk assessment
  • D. Availability of capable information security resources
Suggested Answer: A

Comments

greeklover84
3 weeks, 5 days ago
Selected Answer: C
Risk-based approach strategy. C makes sense.
upvoted 1 times
...
Rio42
4 weeks, 1 day ago
Selected Answer: C
How can a gap analysis be performed for a security strategy that does not yet exist? The question poses the question as the initial (hence the term developing) security strategy. If you have no starting point, you cannot perform a gap analysis.
upvoted 2 times
...
2c24cf3
4 months ago
Selected Answer: A
The best input to know your destination is where you are now.
upvoted 1 times
...
Grantolio
9 months, 4 weeks ago
C: The CISM All-in-One Exam Guide writes: Gap Assessment: To implement a security strategy and accomplish objectives, security professionals often spend too much time focusing on the end goal and not enough time on the starting point. Without sufficient knowledge of the starting point, accomplishing objectives will be more difficult, and achieving success will be less certain. And it also writes: Risk Assessments: A strategist should choose to have a risk assessment performed to reveal risks present in the organization. The results of a risk assessment give the strategist valuable information on the types of resources required to bring risks down to acceptable levels. This is vital for developing and validating strategic objectives. The Gap Assessment is valuable to implement the strategy. The Risk assessment validates your strategic objectives.
upvoted 3 times
...
Viperhunter
1 year, 1 month ago
Selected Answer: A
The results of an information security gap analysis provide a comprehensive understanding of the existing state of information security within an organization, identifying areas where security controls may be lacking or not meeting desired levels. This analysis helps in determining the current state of security and defining the desired future state, which is critical for developing an effective information security strategy. While measurement of security performance against IT goals (option B), results of a technology risk assessment (option C), and the availability of capable information security resources (option D) are important considerations, the information security gap analysis is a foundational step that informs the strategic direction and priorities for the development of the overall information security strategy.
upvoted 2 times
...
richck102
1 year, 7 months ago
A. Results of an information security gap analysis
upvoted 1 times
...
Antonivs
1 year, 11 months ago
Selected Answer: A
Hard one, A seems the best.
upvoted 2 times
CarlLimps
1 year, 10 months ago
For sure it is A. Completing a risk assessment is good but that next step is the gap analysis...how far are you from where you want to be? Brilliant.
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other