CISM Certified Information Security Manager – Question0572

Which of the following is the BEST method to determine whether an information security program meets an organization’s business objectives?

A. Implement performance measures.
B. Review against international security standards.
C. Perform a business impact analysis (BIA).
D. Conduct an annual enterprise-wide security evaluation.

Correct Answer: A