Certified Information Security Manager (CISM) — Question 112

Which of the following would be MOST effective in changing the security culture and behavior of staff?

Answer options

• A. Promoting the information security mission within the enterprise
• B. Enforcing strict technical information security controls
• C. Auditing compliance with the information security policy
• D. Developing procedures to enforce the information security policy

Correct answer: A

Explanation

Promoting the information security mission within the enterprise is essential for fostering a culture of security awareness and commitment among staff. While enforcing technical controls, auditing compliance, and developing procedures are important, they do not directly engage and influence employee behavior as effectively as promoting a security-focused mission does.