Certified Chief Information Security Officer (CCISO) — Question 2
Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda.
From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?
Answer options
- A. IT security centric agenda
- B. Lack of risk management process
- C. Lack of risk management process
- D. Compliance centric agenda
Correct answer: A
Explanation
The primary concern is the CISO's inability to advance the IT security centric agenda, which is crucial for effective leadership in information security. Options B and C point out the same issue regarding risk management, which, while important, is secondary to the CISO's failure to promote a proactive security strategy. Option D reflects a compliance focus, which does not address the need for a comprehensive IT security agenda.