CISM Certified Information Security Manager – Question1151

A critical component of a continuous improvement program for information security is:

A.
measuring processes and providing feedback.
B. developing a service level agreement (SLA) for security.
C. tying corporate security standards to a recognized international standard.
D. ensuring regulatory compliance.

Correct Answer: A

Explanation:

Explanation:
If an organization is unable to take measurements that will improve the level of its safety program. then continuous improvement is not possible. Although desirable, developing a service level agreement (SLA) for security, tying corporate security standards to a recognized international standard and ensuring regulatory compliance are not critical components for a continuous improvement program.