CISM Certified Information Security Manager – Question0309

When implementing security controls, an information security manager must PRIMARILY focus on:

A. minimizing operational impacts.
B. eliminating all vulnerabilities.
C. usage by similar organizations.
D. certification from a third party.

Correct Answer: A

Explanation:

Security controls must be compatible with business needs. It is not feasible to eliminate all vulnerabilities. Usage by similar organizations does not guarantee that controls are adequate. Certification by a third party is important, but not a primary concern.