CISM Certified Information Security Manager – Question1137 - CISM Certified Information Security Manager

An information security manager wishing to establish security baselines would:

A. include appropriate measurements in the system development life cycle.
B. implement the security baselines to establish information security best practices.
C. implement the security baselines to fulfill laws and applicable regulations in different jurisdictions.
D. leverage information security as a competitive advantage.

Correct Answer: B

Explanation:

Explanation:
While including appropriate measurements in the system development life cycle may indicate a security baseline practice; these are wider in scope and, thus, implementing security baselines to establish information security best practices is the appropriate answer. Implementing security baselines to fulfill laws and applicable regulations in different jurisdictions, and leveraging information security as a competitive advantage may be supplementary benefits of using security baselines.