Certified Information Security Manager (CISM) — Question 1008

Which of the following is the MOST effective way to convey information security responsibilities across an organization?

Answer options

• A. Implementing security awareness programs
• B. Defining information security responsibilities in the security policy
• C. Developing a skills matrix
• D. Documenting information security responsibilities within job descriptions

Correct answer: D

Explanation

Documenting information security responsibilities within job descriptions ensures that each employee understands their specific role in maintaining security, making it the most effective method. While security awareness programs and policies are important, they do not tailor responsibilities to individual roles as effectively as job descriptions do.