CISM Certified Information Security Manager – Question0141

Which of the following is the BEST way to determine if an information security program aligns with corporate governance?

A. Evaluate funding for security initiatives
B. Survey end users about corporate governance
C. Review information security policies
D. Review the balanced scorecard

Correct Answer: C

Explanation:

One of the most important aspects of the action plan to execute the strategy is to create or modify, as needed, policies and standards. Policies are one of the primary elements of governance, and each policy should state only one general security mandate. The road map should show the steps and the sequence, dependencies, and milestones.