The most important factor for the successful implementation of an information security program is the allocation of adequate security resources. This includes not just funding, but also personnel, time, and other resources that are needed to develop, implement and maintain the program. Without adequate resources, the program may be underfunded, understaffed, or otherwise unable to meet its objectives. An information security program is a continuous process and it requires adequate resources to be successful.
Selected Answer: B
The question clearly states the "Implementation" of information security. From the given options, the only option most suitable is B.
without resources, you can't implement the information security program.
B. Adequate security resources are allocated to the program.
Key performance indicators (KPIs) are essential for measuring the program's effectiveness, but they depend on having the necessary resources in place to execute the program effectively.
I selected C as a balanced score card would define how finance, people and technology can be optimized and therefore a measurement of successful implementation.
On ground, yes, B, totally.
Though as per ISACA Review Guide 16th Ed (3.1.2, page 142):
Three elements are essential to ensure successful security program design, implementation and ongoing management:
1. The program must demonstrate execution of a welldeveloped information security strategy that is closely aligned with and supports organizational objectives.
2. The program must be well-designed with cooperation and support from management and stakeholders.
3. Effective metrics must be developed for program design and implementation phases and the subsequent ongoing security program management phases to provide the feedback necessary to guide program execution to achieve the defined outcomes.
ISACA says A
Yes, but KPI is just one metric. What about KGI and KRI, which are arguably more important than KPI when implementing infosec program? So I think adequate resources are the most important of the bunch.
B. Adequate security resources are allocated to the program.
Key performance indicators (KPIs) are essential for measuring the program's effectiveness, but they depend on having the necessary resources in place to execute the program effectively.
B. Adequate security resources are allocated to the program.
While all the options listed are important for the successful implementation of an information security program, the allocation of adequate security resources is considered the most crucial factor. Without sufficient resources, including personnel, budget, technology, and tools, it becomes challenging to effectively plan, execute, and sustain the information security program.
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Broesweelies
Highly Voted 2 years, 4 months agousercism007
Most Recent 10 months, 2 weeks agooluchecpoint
1 year, 4 months agoDisucssion
1 year, 4 months agokillainc
1 year, 5 months agoDonnyX
1 year, 8 months agoDonnyX
1 year, 8 months agoCISSPST
1 year, 8 months agoAlexJacobson
1 year, 4 months agooluchecpoint
1 year, 8 months agorichck102
1 year, 11 months agomad68
2 years ago