Certified Information Security Manager (CISM) — Question 1158

Which of the following is MOST helpful in ensuring an information security governance framework continues to support business objectives?

Answer options

• A. A consistent risk assessment methodology
• B. A monitoring strategy
• C. An effective organizational structure
• D. Stakeholder buy-in

Correct answer: D

Explanation

Stakeholder buy-in is crucial for the success of an information security governance framework because it ensures that all parties are aligned with the objectives and willing to support necessary initiatives. While a consistent risk assessment methodology, a monitoring strategy, and an effective organizational structure are important, they cannot operate effectively without the commitment and support from stakeholders.