Certified Information Security Manager (CISM) — Question 1092

When establishing an information security governance framework, it is MOST important for an information security manager to understand:

Answer options

• A. information security best practices.
• B. the corporate culture.
• C. risk management techniques.
• D. the threat environment.

Correct answer: B

Explanation

Understanding the corporate culture is crucial for an information security manager as it influences how policies are accepted and implemented within the organization. While best practices, risk management techniques, and the threat environment are important, they must align with the corporate culture to be effective.