Certified Information Security Manager (CISM) — Question 1117

Which of the following is the BEST evidence that senior management supports the information security program?

Answer options

• A. The information security manager reports to the chief risk officer (CRO)
• B. A reduction in information security costs
• C. Consistent enforcement of information security policies
• D. A high level of information security risk acceptance

Correct answer: C

Explanation

Consistent enforcement of information security policies demonstrates that senior management is actively supporting and prioritizing the security program. The other options, while they may suggest some level of attention to security, do not directly reflect management's commitment to enforcing and upholding security policies.