CISM Exam Preparation: Information Security Strategy for Business Activities

Information Security Strategy Document

Prev Question Next Question

Question

An information security strategy document that includes specific links to an organization's business activities is PRIMARILY an indicator of:

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

C.

Strategic alignment of security with business objectives is a key indicator of performance measurement.

In guiding a security program, a meaningful performance measurement will also rely on an understanding of business objectives, which will be an outcome of alignment.

Business linkages do not by themselves indicate integration or value delivery.

While alignment is an important precondition, it is not as important an indicator.

An information security strategy document that includes specific links to an organization's business activities is primarily an indicator of alignment.

Explanation: An organization's information security strategy should be aligned with its business objectives and goals. The purpose of an information security strategy is to protect an organization's assets, including its information, from a wide range of threats. However, it should also support and enhance the organization's ability to achieve its strategic goals.

If an organization's information security strategy includes specific links to its business activities, it is an indicator that the strategy is aligned with the organization's objectives and goals. In other words, the strategy is designed to support and enhance the organization's business activities, rather than being a standalone or disconnected effort.

This alignment is essential for several reasons. First, it helps ensure that the information security strategy is relevant to the organization and addresses its unique risks and challenges. Second, it helps ensure that the strategy is integrated into the organization's overall management processes and decision-making, rather than being a separate or isolated effort. Finally, it helps ensure that the strategy is perceived as adding value to the organization, rather than being seen as a hindrance or obstacle to its business activities.

In summary, an information security strategy that includes specific links to an organization's business activities is an indicator of alignment between the strategy and the organization's objectives and goals. This alignment is crucial for ensuring that the strategy is relevant, integrated, and perceived as adding value to the organization.