Certified Information Security Manager (CISM) — Question 1040

Which of the following is the BEST approach for encouraging business units to assume their roles and responsibilities in an information security program?

Answer options

• A. Engage an independent security audit.
• B. Perform a risk assessment.
• C. Conduct an awareness program for senior management.
• D. Develop controls and countermeasures.

Correct answer: C

Explanation

Conducting an awareness program for senior management is vital as it directly informs and engages leaders about their security roles, fostering accountability. While the other options like risk assessments and controls are important, they do not specifically address motivating business units to take action.