Q: 8
Which of the following should an information security manager do NEXT after creating a roadmap to
execute the strategy for an information security program?
Options
Discussion
Its D, not A. Project plan comes after the roadmap, seen similar on practice exams.
Yeah, this comes down to whether the roadmap's already agreed on. If the roadmap is done, then D makes sense since you need a detailed project plan to start executing. But if exec consensus wasn’t secured, A could sneak in as the right move. Pretty sure on D unless the question’s hiding that detail somewhere.
Always see this kind of flow in ISACA practice and the official CISM guide: D
Maybe A here. I thought after creating the roadmap, you'd confirm strategy buy-in with the executive board before moving to detailed project plans, especially if it hasn't been officially signed off yet. Sometimes CISM questions expect that next validation step. Could be missing something, but that's my take. Agree?
Pretty sure it's not A, D fits better. Roadmap is higher-level, so the next practical step is making a project plan to actually execute those roadmap items. Unless they want us to assume no exec signoff yet, but I doubt it.
Its D. You move to project planning after the roadmap since the exec buy-in and alignment should've happened before the roadmap step. A is tempting but it’s a timing trap here, pretty sure that's how CISM expects it.
D not A. Executive consensus should've happened during strategy sign-off, the trap is thinking it's needed after the roadmap.
Maybe B
Feels like D since you need to turn the high-level roadmap into a detailed project plan to start executing. Getting consensus or reviewing alignment would normally happen earlier during strategy and roadmap creation, not after. Pretty sure that's CISM best practice, but maybe there's a subtlety I'm missing. Agree?
Its D here. Trap is A but the board usually signs off before you build the roadmap, not after.
Be respectful. No spam.
