Certified Chief Information Security Officer (CCISO) — Question 78

Scenario: An organization has recently appointed a CISO. This is a new role in the organization and it signals the increasing need to address security consistently at the enterprise level. This new CISO, while confident with skills and experience, is constantly on the defensive and is unable to advance the IT security centric agenda. From an Information Security Leadership perspective, which of the following is a MAJOR concern about the CISO's approach to security?

Answer options

• A. Compliance centric agenda
• B. IT security centric agenda
• C. Lack of risk management process
• D. Lack of sponsorship from executive management

Correct answer: B

Explanation

The primary concern is that the CISO is unable to promote an IT security centric agenda, which is critical for advancing security initiatives. While compliance and risk management are important, the inability to take a proactive stance on IT security is a more pressing issue. Additionally, lack of executive support can hinder progress, but it is not as direct a concern as the CISO's focus on IT security.