Certified Information Security Manager (CISM) — Question 1070

Which of the following BEST helps to enable the desired information security culture within an organization?

Answer options

• A. Information security awareness training and campaigns
• B. Incentives for appropriate information security-related behavior
• C. Effective information security policies and procedures
• D. Delegation of information security roles and responsibilities

Correct answer: A

Explanation

Answer A is correct because information security awareness training and campaigns directly educate employees about security risks and best practices, which is essential for cultivating an informed security culture. While options B, C, and D are important for supporting security initiatives, they do not directly engage and educate employees to the same extent as awareness training.