CISM Certified Information Security Manager – Question0770

In which of the following ways can an information security manager BEST ensure that security controls are adequate for supporting business goals and objectives?

A.
Reviewing results of the annual company external audit
B. Adopting internationally accepted controls
C. Enforcing strict disciplinary procedures in case of noncompliance
D. Using the risk management process

Correct Answer: D