Certified Information Security Manager (CISM) — Question 1083

Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

Answer options

• A. Regular reviews of system logs
• B. Accountability for security functions
• C. Procedures for security assessments
• D. Schedules for internal audits

Correct answer: B

Explanation

Establishing accountability for security functions is crucial as it defines roles and responsibilities, ensuring that security-related activities are monitored effectively. Without clear accountability, the other options, such as reviewing logs or conducting audits, may not be executed properly, leading to potential security gaps.