CISM Certified Information Security Manager – Question0427

An information security manager has identified and implemented mitigating controls according to industry best practices. Which of the following is the GREATEST risk associated with this approach?

A. The cost of control implementation may be too high.
B. The security program may not be aligned with organizational objectives.
C. The mitigation measures may not be updated in a timely manner.
D. Important security controls may be missed without senior management input.

Correct Answer: B