Certified Information Systems Auditor (CISA) — Question 209

Which of the following is MOST critical to the success of an information security program?

Answer options

• A. User accountability for information security
• B. Alignment of information security with IT objectives
• C. Integration of business and information security
• D. Management’s commitment to information security

Correct answer: D

Explanation

Management's commitment to information security is crucial because it sets the tone for the entire organization and ensures that security is prioritized. Without strong support from management, other aspects such as user accountability, alignment with IT objectives, and integration with business will likely falter, as they require leadership backing to be effective.