Isaca CISM Exam - Topic 2 Question 103 Discussion

Actual exam question for Isaca's CISM exam
Question #: 103
Topic #: 2

Which of the following should an information security manager do NEXT after creating a roadmap to execute the strategy for an information security program?

Suggested Answer: D

After creating a roadmap to execute the strategy for an information security program, the next thing an information security manager should do is D: develop a project plan to implement the strategy. A project plan is a detailed document that outlines the scope, objectives, deliverables, milestones, tasks, resources, roles, responsibilities, risks, and dependencies of the implementation process. It helps the information security manager organize, coordinate, monitor, and control the activities and resources required to execute the strategy and achieve the desired outcomes. It can also facilitate communication, collaboration, and reporting among the project team, stakeholders, and sponsors.


Reference = CISM Review Manual 15th Edition, Chapter 3, Section 3.1.2, page 1281; CISM Review Questions, Answers & Explanations Manual 9th Edition, Question 74, page 19


Corrie
10 hours ago
A) is crucial for buy-in!
upvoted 0 times
...
Gail
6 days ago
D) all the way! Screw the executives, let's just get this security program implemented already.
upvoted 0 times
...
Mitsue
11 days ago
C) Define organizational risk tolerance. Gotta know how much risk the company is willing to take on.
upvoted 0 times
...
Antonio
16 days ago
Haha, the correct answer is obviously D. Who needs executive approval when you can just do your own thing?
upvoted 0 times
...
Stefan
21 days ago
B) Review alignment with business goals. Gotta make sure the security strategy supports the overall business objectives.
upvoted 0 times
...
Stevie
26 days ago
D) Develop a project plan to implement the strategy. That's the logical next step to get the ball rolling.
upvoted 0 times
...
Moira
1 month ago
I thought defining organizational risk tolerance was crucial, but I also see the value in getting executive buy-in. It’s tough to choose!
upvoted 0 times
...
Tamera
1 month ago
I feel like developing a project plan is important, but I can't recall if that should be done right after the roadmap or if we need to check risk tolerance first.
upvoted 0 times
...
Serita
1 month ago
I remember a practice question where aligning with business goals was emphasized as a critical next step. It makes sense to ensure everything is in sync.
upvoted 0 times
...
Dahlia
2 months ago
D for sure. Once you've got the roadmap, the next logical step is to develop a detailed project plan to actually implement the strategy.
upvoted 0 times
...
Gail
2 months ago
I feel like reviewing alignment with business goals (option B) is the way to go. Gotta make sure the security strategy supports the overall business objectives.
upvoted 0 times
...
Karan
2 months ago
Obtaining consensus from the executive board is crucial, so I'd definitely start with option A. Can't move forward without that buy-in.
upvoted 0 times
...
Rosita
2 months ago
I think A is crucial. Getting the board on board is key.
upvoted 0 times
...
Francesco
2 months ago
I think the next step should be to get consensus from the executive board, but I'm not entirely sure if that comes before or after defining risk tolerance.
upvoted 0 times
...
Owen
3 months ago
C) wait, how do you even define risk tolerance?
upvoted 0 times
...
Carin
3 months ago
A) Obtain consensus on the strategy from the executive board. Can't move forward without their buy-in.
upvoted 0 times
...
Aleta
3 months ago
I'm a bit unsure here. Should we be focusing on aligning with business goals first, or is defining risk tolerance more important? I'm torn between B and C.
upvoted 0 times
...
Franklyn
3 months ago
Hmm, I think I'd go with option D. Developing a project plan to implement the strategy seems like the logical next step after creating the roadmap.
upvoted 0 times
Melina
2 months ago
I agree, option D makes sense. A project plan is essential.
upvoted 0 times
...
...
