CISM Certified Information Security Manager – Question0481

The PRIMARY driver to obtain external resources to execute the information security program is that external resources can:

A.
contribute cost-effective expertise not available internally.
B. be made responsible for meeting the security program requirements.
C. replace the dependence on internal resources.
D. deliver more effectively on account of their knowledge.

Correct Answer: A

Explanation:

Explanation:
Choice A represents the primary driver for the information security manager to make use of external resources. The information security manager will continue to be responsible for meeting the security program requirements despite using the services of external resources. The external resources should never completely replace the role of internal resources from a strategic perspective. The external resources cannot have a better knowledge of the business of the information security manager’s organization than do the internal resources.