Certified Information Systems Auditor (CISA) — Question 789

Which of the following is the MOST important outcome of an information security program?

Answer options

• A. Operating system weaknesses are more easily identified.
• B. Emerging security technologies are better understood and accepted.
• C. The cost to mitigate information security risk is reduced.
• D. Organizational awareness of security responsibilities is improved.

Correct answer: D

Explanation

The correct answer, D, emphasizes the critical nature of improving organizational awareness of security responsibilities, which is essential for fostering a security-conscious culture. While the other options address important aspects of security, they do not directly relate to the overarching goal of ensuring that all members of the organization understand their security roles and responsibilities.