Certified Chief Information Security Officer (CCISO) — Question 70

When managing an Information Security Program, which of the following is of MOST importance in order to influence the culture of an organization?

Answer options

• A. Compliance with local privacy regulations
• B. An independent Governance, Risk and Compliance organization
• C. Support Legal and HR teams
• D. Alignment of security goals with business goals

Correct answer: D

Explanation

The correct answer is D because aligning security goals with business goals ensures that security measures are integrated into the organization's core operations, fostering a culture of security awareness. Options A, B, and C, while important, do not directly influence the overarching culture of the organization as effectively as aligning security with business objectives.