Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

Isaca CISM Exam - Topic 2 Question 103 Discussion

Actual exam question for Isaca's CISM exam
Question #: 103
Topic #: 2
[All CISM Questions]

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Show Suggested Answer Hide Answer
Suggested Answer: D

The next thing that an information security manager should do after creating a roadmap to execute the strategy for an information security program is D. Develop a project plan to implement the strategy. This is because a project plan is a detailed document that outlines the scope, objectives, deliverables, milestones, tasks, resources, roles, responsibilities, risks, and dependencies of the implementation process. A project plan can help the information security manager to organize, coordinate, monitor, and control the activities and resources required to execute the strategy and achieve the desired outcomes. A project plan can also facilitate communication, collaboration, and reporting among the project team, stakeholders, and sponsors.

A project plan is a detailed document that outlines the scope, objectives, deliverables, milestones, tasks, resources, roles, responsibilities, risks, and dependencies of the implementation process. (From CISM Manual or related resources)

Reference = CISM Review Manual 15th Edition, Chapter 3, Section 3.1.2, page 1281; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 74, page 19


by Nickole at Nov 20, 2025, 02:39 PM

Limited Time Offer

25%

Off

Get Premium CISM Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jesus
1 month ago
I agree with B. If it doesn't align, it won't work in the long run.
upvoted 0 times
...
Dottie
1 month ago
I lean towards A. Without executive support, the strategy might fail.
upvoted 0 times
...
Omega
2 months ago
D seems like the next logical step. A project plan is essential for execution.
upvoted 0 times
...
Francoise
2 months ago
C is important. Knowing risk tolerance helps shape the strategy.
upvoted 0 times
...
Valentin
2 months ago
B makes sense too. The strategy should align with business goals.
upvoted 0 times
...
Vincenza
2 months ago
I’m not sure A) is the best first step...
upvoted 0 times
...
Sol
2 months ago
D) totally agree, project plans are key!
upvoted 0 times
...
Jettie
2 months ago
B) makes sense, gotta align with the biz.
upvoted 0 times
...
Corrie
3 months ago
A) is crucial for buy-in!
upvoted 0 times
...
Gail
3 months ago
D) all the way! Screw the executives, let's just get this security program implemented already.
upvoted 0 times
...
Mitsue
3 months ago
C) Define organizational risk tolerance. Gotta know how much risk the company is willing to take on.
upvoted 0 times
...
Antonio
4 months ago
Haha, the correct answer is obviously D. Who needs executive approval when you can just do your own thing?
upvoted 0 times
...
Stefan
4 months ago
B) Review alignment with business goals. Gotta make sure the security strategy supports the overall business objectives.
upvoted 0 times
...
Stevie
4 months ago
D) Develop a project plan to implement the strategy. That's the logical next step to get the ball rolling.
upvoted 0 times
...
Moira
4 months ago
I thought defining organizational risk tolerance was crucial, but I also see the value in getting executive buy-in. It’s tough to choose!
upvoted 0 times
...
Tamera
4 months ago
I feel like developing a project plan is important, but I can't recall if that should be done right after the roadmap or if we need to check risk tolerance first.
upvoted 0 times
...
Serita
4 months ago
I remember a practice question where aligning with business goals was emphasized as a critical next step. It makes sense to ensure everything is in sync.
upvoted 0 times
...
Dahlia
5 months ago
D for sure. Once you've got the roadmap, the next logical step is to develop a detailed project plan to actually implement the strategy.
upvoted 0 times
...
Gail
5 months ago
I feel like reviewing alignment with business goals (option B) is the way to go. Gotta make sure the security strategy supports the overall business objectives.
upvoted 0 times
...
Karan
5 months ago
Obtaining consensus from the executive board is crucial, so I'd definitely start with option A. Can't move forward without that buy-in.
upvoted 0 times
...
Rosita
5 months ago
I think A is crucial. Getting the board on board is key.
upvoted 0 times
...
Francesco
5 months ago
I think the next step should be to get consensus from the executive board, but I'm not entirely sure if that comes before or after defining risk tolerance.
upvoted 0 times
...
Owen
6 months ago
C) wait, how do you even define risk tolerance?
upvoted 0 times
...
Carin
6 months ago
A) Obtain consensus on the strategy from the executive board. Can't move forward without their buy-in.
upvoted 0 times
...
Aleta
6 months ago
I'm a bit unsure here. Should we be focusing on aligning with business goals first, or is defining risk tolerance more important? I'm torn between B and C.
upvoted 0 times
...
Franklyn
6 months ago
Hmm, I think I'd go with option D. Developing a project plan to implement the strategy seems like the logical next step after creating the roadmap.
upvoted 0 times
Gearldine
15 days ago
It's a tough choice, but I lean towards D as well.
upvoted 0 times
...
Merlyn
20 days ago
C is also valid. Knowing risk tolerance helps shape the plan.
upvoted 0 times
...
Marget
26 days ago
I think B is important. Alignment with business goals is key.
upvoted 0 times
...
Yun
1 month ago
But what about option A? Getting consensus is crucial too.
upvoted 0 times
...
Melina
5 months ago
I agree, option D makes sense. A project plan is essential.
upvoted 0 times
...
...

Save Cancel