Certified Information Security Manager (CISM) — Question 1047

In order to gain organization-wide support for an information security program, which of the following is MOST important to consider?

Answer options

• A. Corporate risk framework
• B. Corporate culture
• C. Clarity of security roles and responsibilities
• D. Maturity of the security policy

Correct answer: B

Explanation

The correct answer is B, Corporate culture, because it significantly influences how employees perceive and engage with security initiatives. If the culture is not supportive of security practices, even the best policies and frameworks may fail. The other options, while important, do not have as direct an impact on gaining widespread support as corporate culture does.